The FBI's latest cybercrime advisory details an operation that sits at an unusual intersection: attackers are breaking into computer systems not to steal data, but to steal physical freight. By compromising the IT systems of freight brokers and carriers, cybercriminals are impersonating legitimate logistics companies on online freight marketplaces, accepting load assignments, and either diverting or simply vanishing with the cargo.
The technique — combining a traditional cyberattack with old-fashioned cargo theft — has generated what the FBI estimates are hundreds of millions of dollars in losses over a two-year campaign targeting the U.S. and Canadian transportation sectors.
How Freight Message Boards Became an Attack Surface
Digital freight marketplaces and load boards are the backbone of modern trucking logistics. Platforms like DAT, Truckstop, and similar exchanges allow shippers to post freight that needs to be moved and allow licensed carriers to bid on hauling it. The entire system depends on verified carrier identities — Motor Carrier (MC) numbers, DOT numbers, and operating authority — to ensure that only legitimate, insured operators are accepted to move freight.
The FBI's advisory reveals that attackers have found a way to subvert this trust system without creating fake companies. By breaching existing broker and carrier accounts, they inherit real company credentials, real MC numbers, and real contact information. On the load board, they are indistinguishable from the actual company.
This makes the fraud substantially harder to detect than traditional freight scams that rely on newly created fake shell companies, which experienced dispatchers might flag through basic FMCSA lookup checks.
The Anatomy of a Cargo Theft Operation
According to the FBI's description, the attacks follow a consistent operational pattern:
Step 1 — System Access
Attackers gain unauthorized access to a freight broker's or carrier's computer systems. Entry points include:
- Compromised employee credentials purchased on dark web marketplaces
- Phishing campaigns targeting logistics staff with fake load confirmations or invoice documents
- Exploitation of unpatched vulnerabilities in transportation management software (TMS) and carrier onboarding portals
- Credential reuse from prior data breaches affecting logistics industry employees
Step 2 — Intelligence Gathering
Once inside, attackers harvest the information needed for impersonation:
- Company DOT/MC numbers and operating authority status
- Existing shipper relationships and contact details
- Current load board account credentials
- Active load listings and freight schedules
- Carrier fleet details (truck types, capacity, routes)
Step 3 — Fraudulent Load Acceptance
Using the stolen credentials and legitimate company identity, attackers log in to freight load boards and accept loads that have been posted by shippers. Because the credentials and company identity are genuine, the acceptance appears legitimate. Confirmation documents sent to the shipper may look identical to documents from prior legitimate engagements.
Step 4 — Cargo Diversion or Abandonment
When the pickup window arrives, either:
- A vehicle arrives and takes the freight to an unauthorized location for theft or resale
- No vehicle arrives and the shipper is left with undelivered freight, often unable to reach anyone at the carrier until the legitimate company becomes aware of the fraud
By the time the fraud is discovered, the cargo may already be resold or the attackers have moved on to the next target.
Why This Model Is Effective
The combination of cyber intrusion and cargo theft is more effective than either technique alone for several reasons:
Trust by association: Operating under a legitimate company's identity means the fraud passes automated verification checks that would stop a newly created fake carrier.
Delayed detection: Freight often travels for days before delivery failure becomes apparent. By then, the cargo is long gone.
Complexity of attribution: The compromised company becomes an unwitting participant in the crime, and law enforcement must untangle whether the company's systems were breached or whether an insider was involved.
No physical presence needed for planning: The entire setup — gaining access, identifying targets, accepting loads — can be done remotely. Only the physical pickup step requires on-the-ground presence.
The Human Cost
Beyond the financial losses, cargo theft at this scale has real downstream consequences:
Pharmaceutical freight: Medical devices, medications, and clinical supplies are frequent cargo theft targets. When pharmaceuticals are stolen and potentially re-enter the supply chain through grey markets, patient safety is at risk — cold-chain integrity cannot be guaranteed for stolen temperature-sensitive medications.
Food supply disruption: Perishable food cargo that is diverted or stolen and not immediately accounted for can result in food safety incidents if product is resold without proper handling documentation.
Small carrier victimization: When a small carrier's identity is stolen for these operations, the legitimate company may face insurance complications, damaged shipper relationships, and potential regulatory scrutiny while investigators determine they were the victim rather than the perpetrator.
Industry Response and FBI Guidance
The FBI advisory urges the transportation sector to treat cybersecurity as a logistics and safety issue, not just an IT concern:
- Verify before releasing cargo — establish a phone verification protocol using numbers from official FMCSA records, not contact details provided in the load confirmation
- Monitor for your company's identity on load boards — set up alerts for your MC number appearing in load acceptances you didn't make
- Secure freight management systems with phishing-resistant MFA — hardware keys or passkeys for all accounts with load board access
- Train dispatch and operations staff to recognize impersonation red flags: last-minute delivery address changes, unfamiliar drivers for established lanes, pressure to proceed without standard documentation
- Report suspected fraud immediately to the FBI's Internet Crime Complaint Center (IC3) and FMCSA
A Supply Chain Security Reckoning
The FBI's spotlight on cyber-enabled cargo theft signals a broader reckoning for an industry that has been slower than others to adopt robust cybersecurity practices. Transportation and logistics companies often run on thin margins and legacy software, with IT departments that have historically focused on uptime rather than security.
The $725 million in 2025 losses documented in the advisory is almost certainly an undercount — cargo fraud is notoriously underreported because victims may prefer to settle disputes quietly to avoid insurance complications or reputational damage.
As digital freight marketplaces continue to expand and logistics companies increasingly rely on interconnected software platforms, the attack surface for cyber-enabled cargo theft will only grow. The FBI's message to the industry is clear: the same threat model that applies to financial institutions now applies to anyone moving physical goods through digital systems.