Paste a suspicious carrier email. We extract any MC numbers and verify them live against FMCSA, then scan the text for the patterns brokers see in double-broker and stolen-MC attempts. You get a risk score plus the per-signal breakdown. Free, no signup, we don't store the email.
The scanner reads what's in the email plus what FMCSA says about any MC numbers mentioned. That covers a real majority of carrier-fraud attempts because most stolen-MC and double-broker workflows leave fingerprints in the email body or the FMCSA record. It will not catch every fraud — particularly not the ones where a fully-legitimate carrier (real MC, current authority, clean insurance) accepts the load and then re-brokers it after. For those, the only defense is post-booking monitoring (driver verification 24 hours before pickup, GPS tracking from first mile, check-call discipline).
Three layers. (1) Heuristic text signals — sender uses a generic email domain, multiple corporate domains in one message, multiple MC numbers referenced (a classic double-broker tell), urgency / pressure cues, upfront comcheck or quickpay demands, all-in rate phrasing without breakdown, missing driver phone. (2) Live FMCSA QCMobile verification on every MC number it extracts — authority status, OOS, legal name. (3) A weighted risk score rolling it all up.
No — and any tool that claims to be is overselling. The scanner reads textual patterns plus FMCSA data. It will catch most classic stolen-MC and double-broker tells. It will miss inside jobs (a real carrier with valid authority planning to re-broker after acceptance), forged insurance certificates, and any signal that lives outside the email text. Treat the score as one input into your vetting flow, not the answer.
No. The scan runs server-side, the result returns, and the text is gone. We don't log the body and we don't train on it. The MC numbers we extract get cached briefly via the FMCSA client's hourly revalidate, same as the FMCSA lookup tool.
A few signals stack fast. An MC that doesn't resolve in FMCSA QCMobile is high-severity (30 points) on its own. A revoked or OOS MC is another 30. So a single email that mentions a defunct MC will score high even without other signals. Read the per-signal breakdown — the label is a sum, not a verdict.
Many fraud workflows succeed precisely because the email text looks clean. The textual layer is a screening pass, not proof of safety. Always pair this with a direct FMCSA verification, an insurance cert pull from L&I (not from the carrier's email attachment), a driver-name + cell capture before pickup, and a 24-hour-before-pickup driver call.
Inside the product, this scan runs automatically on every inbound carrier reply — including continuous FMCSA monitoring, insurance verification from L&I directly, double-broker pattern matching against your own historical book, and chameleon-MC reincorporation detection. The free tool here is the one-off screening version of the per-email pipeline.