The Federal Bureau of Investigation (FBI) issued a public alert warning the transportation industry about a significant increase in sophisticated “cyber-enabled” cargo theft tactics threatening U.S. supply chains.
On April 30, 2026, the FBI released a Public Service Announcement (PSA) “to warn the public of cyber threat actors increasingly using sophisticated, cyber-enabled tactics to impersonate legitimate businesses to hijack freight, steal high-value shipments, and reroute deliveries, resulting in a surge of strategic cargo theft.”
FBI Says Cargo Theft Increased By 60% In 2025
The FBI pointed to a 60% surge in cargo theft losses in the United States and Canada in 2025 over 2024. Officials said that cargo theft losses were estimated at $725 million last year.
The FBI said that fraudsters are using spoofed emails, fake URLs, and compromised carrier accounts to access the computer systems of brokers and carriers and post fraudulent listings on load boards. Victims are tricked into handing over freight to cargo thieves, who then redirect goods from their intended destinations and resell them for profit.
How Does The Scheme Work?
The FBI outlined the multi-step process cargo thieves follow when using these more sophisticated online techniques:
- Compromise Initial Victim Accounts: Cyber threat actors impersonate and spoof brokers via email, sending links for a carrier broker agreement or to review and address poor service ratings. The links are frequently shortened, spoofed URLs. Once clicked, the targeted user is redirected to a phishing website imitating the legitimate one. The phishing website hosts a malicious executable file, which downloads other legitimate remote monitoring and management software, giving the cyber threat actors total, undetected access to the brokers’ or carriers’ systems.
- Post Fake Loads Online: Criminal threat actors access trucking load boards, where they impersonate brokers using compromised carrier accounts to post additional fake loads — sometimes in the tens of thousands. Legitimate carriers bid on the fake loads and contact the threat actors, who provide the malicious carrier broker agreement and compromise the carrier’s computer systems.
- Bids on Real Loads: Posing as the compromised carrier, criminal threat actors accept shipments and double-broker the load to partially unwitting drivers, providing manipulated bills of lading, and changing the destination of the load. To legitimize their access, criminal threat actors change the legitimate carrier’s contact information with the Federal Motor Carrier Safety Administration and update insurance information to permit loads the legitimate carrier previously did not accept. The compromised carrier may not realize they are compromised until brokers contact them about missing loads booked under their authority but without their knowledge.
- Theft of Cargo: Loads are cross-docked or transloaded to complicit drivers, who redirect the cargo from its intended destination and steal it for resale. Criminal threat actors posing as a carrier sometimes reconnect with the broker to demand a ransom for the location or additional details of the load.
What Should You Be On The Lookout For?
The FBI offered the following tips to help transportation industry stakeholders recognize a cargo theft scheme:
- Contact from brokers, dispatchers, or carriers about shipments made in a company’s name that were not authorized by the company.
- Emails spoofing legitimate company domains using free email providers (for example dispatch.FBITrucking@[provider].com instead of dispatch@FBITrucking.com).
- Requests to download documents or forms from shortened or spoofed web links.
- Emails claiming negative service reviews with links to “review” or “resolve” complaints; those links can also lead to malicious downloads.
- New or unauthorized mailbox rules (for example, forwarding to external addresses, autodeletion, or hidden folders).
- Emails from domains or free service providers mimicking legitimate ones through minor changes, such as:
  - Extra punctuation (fb-i.gov).
  - Different top-level domains (fbi.com, fbi.us).
  - Added prefixes or suffixes (thefbi.gov, fbiemail.gov).
  - Misspellings (fbii.gov, fdi.gov).
- Threat actors communicated with brokers and carriers via email and telephone:
  - Email addresses are spoofed or altered with the addition of a name or position-related title in front of the legitimate email address.
  - Telephone numbers are voice over internet protocol (VoIP), used by applications, or used for short periods of time; some applications have been observed in contact with overseas phone numbers.
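The lookalike patterns in the list above can be checked mechanically against a company's real domain when triaging inbound mail. The Python sketch below is an added example, not code from the FBI announcement or this article; the function names, the `freemail.example` provider placeholder, and the sample addresses are constructed for illustration.

```python
import re

# Assumption: placeholder free-mail domain standing in for "[provider].com".
FREE_PROVIDERS = {"freemail.example"}

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(address, legit_domain):
    """Label a sender address relative to the company's real domain."""
    local, _, domain = address.lower().rpartition("@")
    legit = legit_domain.lower()
    # Simplification: the label before the TLD is the name (no public-suffix list).
    name = legit.split(".")[-2]
    if domain == legit:
        return "match"
    if domain in FREE_PROVIDERS:
        # Company name moved into the local part of a free mailbox.
        squashed = re.sub(r"[^a-z0-9]", "", local)
        return "free-provider impersonation" if name in squashed else "unrelated"
    labels = domain.split(".")
    label = labels[-2] if len(labels) >= 2 else domain
    if label == name:
        return "different TLD"            # fbi.com, fbi.us
    stripped = re.sub(r"[^a-z0-9]", "", label)
    if stripped == name:
        return "extra punctuation"        # fb-i.gov
    if edit_distance(stripped, name) <= 1:
        return "misspelling"              # fbii.gov, fdi.gov
    if name in stripped:
        return "added prefix/suffix"      # thefbi.gov, fbiemail.gov
    return "unrelated"

# Constructed sample senders built from the article's illustrative domains.
SAMPLES = [("agent@fb-i.gov", "fbi.gov"), ("agent@fbi.us", "fbi.gov"),
           ("agent@thefbi.gov", "fbi.gov"), ("agent@fdi.gov", "fbi.gov"),
           ("dispatch.fbitrucking@freemail.example", "fbitrucking.com")]

def triage(samples):
    """Return {address: label} for (address, legitimate_domain) pairs."""
    return {addr: classify_sender(addr, legit) for addr, legit in samples}

if __name__ == "__main__":
    for addr, label in triage(SAMPLES).items():
        print(f"{label:28} {addr}")
```

With a name as short as the three-letter example, a one-character edit distance will also match unrelated domains, so treat the label as a prompt for the out-of-band verification described in this article rather than as a verdict.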
The FBI advised companies to take the following steps to protect their businesses from the threat of cargo theft:
- Independently verify shipment requests and pickups using secondary methods prior to releasing any loads.
- Implement multi-channel verification to prevent criminal infiltration of legitimate transactions and freight diversion.
- Recognize that familiar names or email addresses alone do not confirm authenticity; validate unexpected communications through a two-factor authentication process.
- Maintain thorough documentation — including photos of drivers, licenses, vehicles, license plates, cab numbers, truck numbers, Department of Transportation and Motor Carrier numbers, and contact and communication details — of all parties. This documentation aids investigative efforts and may help disrupt ongoing strategic cargo theft schemes.
The FBI asked victims of cargo theft schemes to report the crimes to law enforcement as well as the Internet Crime Complaint Center (IC3) at www.ic3.gov.