The Federal Bureau of Investigation announced cyber tactics enabling cargo theft have surged recently.
In a Public Service Announcement, the FBI said cyber threat actors are increasingly using cyber-enabled tactics to impersonate legitimate businesses as a means to hijack freight, steal high-value shipments and reroute deliveries. The cyber thieves are targeting U.S. transportation and logistics sectors, including companies with interests in shipping, receiving, delivering and insuring cargo, the agency said.
According to the FBI, since 2024 cyber threat actors have been able to access the computers systems of brokers and carriers via spoofed emails, fake URLs and compromised carrier accounts. The criminals then pose as victim companies and post fraudulent listings on load boards to deceive shippers, brokers and carriers into handing over goods, which are redirected and stolen for resale. In 2025, the agency estimates, cargo theft losses in the U.S. and Canada reached nearly $725 million, a 60 percent increase over the previous year, and cargo threat incidents grew by 18 percent. The average value per theft rose 36 percent to $273, 990, driven mostly by more selective, high-value targets.
The process is multi-step, the agency said, beginning with an email impersonating brokers and sending links for carrier broker agreements to review and address poor service ratings. The links to the agreement or review are often shortened and spoofed URLs. Once the link is clicked the targeted user is redirected to a phishing website that mimics a legitimate one. That website hosts a malicious executable file that downloads other legitimate remote monitoring and management software giving the criminals total and undetected access to the victim’s systems.
From there the criminals are able to access trucking load boards where they use the compromised accounts to post fake loads that legitimate carriers bid on. Once legitimate carriers bid on the fake loads, the criminals provide the malicious carrier broker agreement that compromises the carrier’s computer systems.
Now posing as the compromised carrier, the threat actors accept shipments and double-broker the load to unwitting drivers, providing manipulated bills of lading and changing the destination of the load. Loads are then cross-docked or transloaded to complicit drivers, who redirect the cargo from its intended destination and steal it for resale. Sometimes, the threat actors posing as carriers reconnect with the broker to demand a ransom for the location or other load details.
The FBI warns those in the supply chain sector to be on the lookout for emails that spoof legitimate company domains using free email providers, requests to download documents or forms from shortened or spoofed web links, and emails claiming negative services reviews with links to “review” or “Resolve” complaints. The agency also warns the industry to be suspicious of emails from domains that mimic legitimate ones through minor changes – like extra punctuation or different top-level domains.
Additionally, the agency is said to independently verify shipment requests and pickups using secondary methods, implementing multi-channel verification, and maintaining thorough documentation of all parties involved.
