Hackers are targeting the North American cargo sector by impersonating legitimate businesses – all to steal high-value shipments they can resell for profit, according to a new FBI warning released Friday.
-
Hackers are hijacking freight shipments by posing as trusted trucking firms and brokers.
-
The FBI says stolen logins, fake load listings, and rerouted pickups are helping thieves walk off with high-value cargo.
-
The bigger story: cybercrime is moving deeper into real-world supply chains – and the losses are climbing fast.
The sophisticated scammers are said to be using a variety of tactics, including “spoofed emails, fake URLs, and compromised carrier accounts,” to trick unsuspecting shippers, brokers, and carriers across the US and Canada into handing over their cargo – often rerouting shipments before they reach their intended destination.
The FBI Internet Crime Complaint Center (IC3) alert says there has been a dramatic 60% increase in cyber-enabled cargo theft since 2024, with losses estimated to be nearly $725 million in 2025 alone.
What’s more, the FBI says criminal groups are increasingly shifting toward more targeted operations, focusing on shipments with high resale value and limited traceability.
Officials say the pace of these operations – combined with the complexity of modern supply chains – makes it easier for savvy hackers to exploit gaps and avoid detection until after the cargo is gone.
Steve Cobb, Chief Information Security Officer at SecurityScorecard says “the deeper issue is not only stolen cargo, but how easily trust can be manipulated across interconnected third-party relationships.”
Cobb says it also highlights a growing problem in how organizations manage trust across their vendor ecosystem. “Too often, vendor identity is treated as something familiar rather than something that must be verified,” he says.
Criminals pose as trusted carriers
The hackers are said to rely on social engineering and weaknesses in verification practices to steal login credentials tied to freight brokers or carriers.
Using phishing emails, the threat actor tricks the target company into downloading malware, giving the attacker full remote access to the target’s systems.
Once inside the system, the attackers monitor shipment details and identify high-value loads – such as electronics, consumer goods, or industrial materials.
From there, they impersonate legitimate companies, sometimes creating fake email domains or spoofing real ones, to convince brokers or shippers they are authorized to handle the cargo.
In other cases, the cybercriminals post fraudulent listings on load boards – online marketplaces used by truck owner-operators, shippers, and freight brokers to keep cargo moving – offering to transport goods they have no intention of delivering.
Impersonating brokers using the compromised carrier accounts, the attackers also “get unwitting carriers to move cargo to a different delivery point than specified by the shipper,” an illegal process known as “double-brokering.”
When the cargo is picked up by the fraudsters – instead of delivering the goods to the intended location, the attackers divert the goods to their own facilities for resale.
The FBI says “the compromised carrier may not even realize they are compromised until brokers contact them about missing loads.” Sometimes the threat actor may even hold the delivery, contacting the broker for ransom.
FBI warns small red flags can expose the scam
"Organizations need to address spoofing before it reaches the workflow, not after it has already triggered operational disruptions," Cobb says. “That means verifying changes to contacts, routing, pickup details, and account information through separate channels before action is taken,” he explains.
“In this environment, vendor trust must function as an active security control. Once an attacker can convincingly impersonate a trusted partner, ordinary business workflows can quickly become a direct path to operational and financial loss,” Cobb said.
As with most phishing attacks, the FBI says many of the emails spoof legitimate company domains, and often use free email providers.
Brokers and carriers should be on the lookout for minor changes in the web addresses, including misspellings, extra punctuation, added prefixes or suffixes, the addition of a name and position-related title in the address, as well as using different top-level domains (.com, .us).
The hackers are also known to use overseas phone numbers or phone numbers affiliated with mobile apps. In the phishing emails, the FBI says the hackers will claim negative service reviews and provide links to "review" or "resolve" complaints.
The FBI urges companies across the transportation and logistics industry to strengthen verification procedures, including confirming carrier identities, scrutinizing last-minute changes to shipping details, and avoiding reliance on email alone for load confirmations.
Officials also warned against quickly onboarding new carriers without proper vetting, noting that many scams succeed because attackers are able to insert themselves into legitimate transactions without raising immediate red flags.
The agency asks victims to report any incidents via the IC3 website or their local FBI field office as it continues to track and investigate.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked