FBI Warns Cybercriminals Are Fueling a Surge in Cargo Theft Attacks
The FBI has warned transportation and logistics companies about a sharp rise in cyber-enabled cargo theft. Criminal groups are using phishing, fake freight listings, stolen carrier accounts, and business impersonation to hijack valuable shipments.
The losses are already large. The FBI says estimated cargo theft losses in the United States and Canada reached nearly $725 million in 2025, up 60 percent from 2024.
Confirmed cargo theft incidents also rose 18 percent, while the average value of each theft increased 36 percent to $273,990. The FBI says criminals are becoming more selective and are targeting higher-value loads.
How cybercriminals hijack freight
The attacks usually begin with phishing emails, spoofed domains, or fake links sent to brokers and carriers. These messages may ask targets to download a carrier-broker agreement, review a complaint, or fix a poor service rating.
Once the victim clicks the link, the phishing page can deliver malware or remote monitoring software. That gives attackers hidden access to the broker or carrier’s systems.
After gaining access, criminals post fake loads on online load boards. These load boards are digital marketplaces where shippers, brokers, and carriers arrange freight movement.
At a glance
| Detail | Information |
|---|---|
| Warning source | FBI Internet Crime Complaint Center |
| Main target | Transportation, logistics, shipping, delivery, freight, and cargo insurance companies |
| Estimated 2025 losses | Nearly $725 million in the U.S. and Canada |
| Year-over-year loss increase | 60 percent |
| Incident increase | 18 percent |
| Average theft value | $273,990 |
| Main methods | Phishing, fake load-board listings, malware, account takeover, and impersonation |
Fake listings lead to real stolen cargo
After taking over broker or carrier accounts, attackers use those trusted identities to post fraudulent freight listings. Legitimate carriers may bid on these fake loads without knowing criminals control the communication.
The attackers then use compromised carrier accounts to accept real shipments. They can change delivery details, manipulate bills of lading, and route cargo to drivers or warehouses connected to the scheme.
In some cases, the FBI says criminals contact brokers again and demand money for the location or details of the diverted load. This turns cargo theft into a mix of cybercrime, fraud, and physical theft.
Attackers also change company records
The FBI says criminals may change a compromised carrier’s contact details with the Federal Motor Carrier Safety Administration. They may also update insurance information to make the fraudulent shipment look more legitimate.
This can delay discovery. A legitimate carrier may not know its identity was used until a broker contacts the company about a missing shipment booked under its name.
That delay gives criminals enough time to cross-dock or transload the goods. In this context, that means moving cargo from one truck or warehouse to another so it can be resold or hidden.
Logistics phishing campaigns are already active
The FBI warning fits a broader trend seen across the freight industry. In February 2026, Have I Been Squatted and Ctrl-Alt-Intel detailed a phishing operation called Diesel Vortex that targeted freight and logistics companies in the U.S. and Europe.

That campaign stole more than 1,600 unique credentials from users of major logistics platforms. The targets included users connected to DAT Truckstop, Penske Logistics, Electronic Funds Source, and Timocom.
Researchers said the operation used phishing domains, real-time credential theft, Telegram-based operator tools, and logistics-themed social engineering. This shows how cybercriminals can use stolen access to enable cargo diversion, invoice fraud, and double-brokering schemes.
Warning signs companies should watch for
- Shipment requests made under a company name without internal approval.
- Emails from domains that look almost identical to real broker or carrier domains.
- Requests to download forms from shortened links or unfamiliar websites.
- Emails about poor service reviews that pressure staff to click a link.
- New inbox rules that forward, delete, or hide freight-related emails.
- Phone calls from temporary VoIP numbers or numbers tied to unusual locations.
- Unexpected changes to FMCSA records, insurance details, or carrier contacts.
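
The lookalike-domain warning sign above can be checked automatically against a list of known partner domains. The sketch below is an added example, not part of the FBI advisory; the trusted domains, the substitution table, and the distance threshold are assumptions chosen for illustration.

```python
# Added example: flag sender domains that nearly match a trusted partner domain.
# All domains here are constructed placeholders, not real brokers or carriers.
TRUSTED = {"acmefreight.example", "northstar-logistics.example"}

# Visual substitutions commonly used in lookalike domains (assumed, not exhaustive).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("-", ""))

def skeleton(domain):
    """Collapse visually confusable sequences so lookalikes compare equal."""
    d = domain.lower().rstrip(".")
    for src, dst in CONFUSABLES:
        d = d.replace(src, dst)
    return d

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, transpose."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            rows[i][j] = min(rows[i - 1][j] + 1, rows[i][j - 1] + 1,
                             rows[i - 1][j - 1] + cost)
            # Adjacent swapped characters count as a single edit.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)
    return rows[-1][-1]

def classify(sender_domain, trusted=TRUSTED, max_distance=2):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    d = sender_domain.lower().rstrip(".")
    if d in trusted:
        return ("trusted", d)
    for t in sorted(trusted):
        if skeleton(d) == skeleton(t) or edit_distance(d, t) <= max_distance:
            return ("lookalike", t)
    return ("unknown", None)
```

A `lookalike` result is a prompt for verification by phone on a known number, not proof of fraud; a partner name registered under a different top-level domain falls outside this distance check and needs a separate rule.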
How logistics companies can reduce the risk
The FBI recommends verifying shipment requests and pickups through secondary channels before releasing cargo. A familiar company name or email address should not count as proof on its own.
Companies should also use multi-factor authentication on load-board accounts, broker portals, email accounts, and remote access tools. Access to freight management systems should use unique passwords and strict account controls.
Detailed records also matter. The FBI advises companies to keep photos of drivers, licenses, vehicles, license plates, cab numbers, truck numbers, Department of Transportation numbers, Motor Carrier numbers, and communication details.
Security steps for brokers and carriers
- Verify every unusual shipment request by phone using a known number, not a number in the email.
- Require MFA for email, load-board accounts, broker portals, and dispatch systems.
- Block staff from installing unknown remote monitoring tools without approval.
- Train dispatchers to spot typosquatted domains and fake complaint emails.
- Review mailbox rules for forwarding, auto-delete, and hidden-folder activity.
- Monitor FMCSA profile changes and insurance updates for unauthorized edits.
- Report suspicious activity to IC3 and local law enforcement quickly.
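
The mailbox-rule review step above can be run over an export of each user's inbox rules. This is an added example, not part of the FBI advisory. It assumes the rules were exported as dictionaries keyed like Exchange Online's `Get-InboxRule` properties, with forwarding targets reduced to plain addresses; the domains, keyword list, folder list, and sample rules are constructed.

```python
# Added example: review exported mailbox rules for forwarding, auto-delete,
# and hidden-folder behaviour. Sample rules are constructed.
INTERNAL_DOMAINS = {"carrier.example"}  # hypothetical own mail domain
FREIGHT_TERMS = ("rate confirmation", "bill of lading", "pickup", "load board")
QUIET_FOLDERS = ("rss feeds", "conversation history", "deleted items")

def external_targets(rule):
    """Addresses a rule forwards or redirects to outside INTERNAL_DOMAINS."""
    found = []
    for key in ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"):
        for addr in rule.get(key) or []:
            if addr.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS:
                found.append(addr)
    return found

def audit_rule(rule):
    """Return the reasons a rule deserves manual review (empty list if none)."""
    reasons = []
    targets = external_targets(rule)
    if targets:
        reasons.append("forwards externally: " + ", ".join(targets))
    if rule.get("DeleteMessage"):
        reasons.append("deletes matching mail")
    folder = (rule.get("MoveToFolder") or "").lower()
    if folder in QUIET_FOLDERS:
        reasons.append("moves mail to rarely opened folder: " + folder)
    words = (rule.get("SubjectContainsWords") or []) + \
            (rule.get("SubjectOrBodyContainsWords") or [])
    text = " ".join(words).lower()
    # Freight keywords only matter when the rule also hides or exports mail.
    if reasons and any(term in text for term in FREIGHT_TERMS):
        reasons.append("matches freight keywords")
    return reasons

def audit(rules):
    """Map rule name -> reasons for every rule with at least one finding."""
    return {r["Name"]: audit_rule(r) for r in rules if audit_rule(r)}

SAMPLE_RULES = [  # constructed
    {"Name": "Newsletters", "MoveToFolder": "Newsletters"},
    {"Name": ".", "SubjectOrBodyContainsWords": ["rate confirmation", "pickup"],
     "ForwardTo": ["copy@mailbox.example"], "DeleteMessage": True},
    {"Name": "..", "SubjectContainsWords": ["Bill of Lading"],
     "MoveToFolder": "RSS Feeds", "MarkAsRead": True},
    {"Name": "To assistant", "ForwardTo": ["ops@carrier.example"]},
]
```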
Why this threat is growing
Cargo theft has moved beyond stolen trailers and fake paperwork. Criminals now use cyber access to decide which loads are worth stealing and which companies they can impersonate.
This makes the attacks faster and more convincing. A stolen broker account can make a fraudulent load look real, while a compromised carrier account can make a suspicious pickup appear legitimate.
The FBI’s wider 2025 Internet Crime Report shows how much cyber-enabled crime has grown. IC3 received more than 1 million complaints in 2025, with reported losses reaching about $20.9 billion.
FAQ
Cyber-enabled cargo theft happens when criminals use phishing, hacked accounts, fake listings, malware, or impersonation to divert and steal real freight shipments.
The FBI says estimated cargo theft losses in the United States and Canada reached nearly $725 million in 2025.
The FBI says attackers target transportation and logistics companies, including shippers, receivers, freight brokers, carriers, delivery companies, and cargo insurers.
They often use spoofed emails, fake URLs, malicious downloads, compromised carrier accounts, and remote monitoring software to access systems without detection.