Key Takeaways
- The FBI’s Internet Crime Complaint Center issued a public service announcement warning that cyber‑enabled strategic cargo theft is rapidly increasing in the United States and Canada.
- In 2025, estimated losses reached nearly US $725 million – a 60 % rise year‑over‑year – while the number of confirmed incidents grew by 18 % and the average loss per theft climbed to $273,990.
- Attackers gain entry to logistics systems mainly through phishing emails, spoofed URLs, and compromised carrier accounts, then pose as legitimate brokers or carriers to post fraudulent loads or hijack genuine shipments.
- The fraud scheme involves multiple steps: account compromise, flooding load boards with fake listings, double‑brokering loads, altering bills of lading and delivery details, and finally diverting cargo for resale (sometimes followed by ransom demands).
- Detectable red flags include unexpected shipment‑related contact, email spoofing via free providers, newly created mailbox rules, subtle domain variations, and requests to download files from shortened or suspicious links.
- The FBI urges transportation and logistics firms to harden email security, monitor account activity, verify load‑board postings, and educate staff about social‑engineering tactics to mitigate the threat.
Overview of the FBI Alert
The Federal Bureau of Investigation, through its Internet Crime Complaint Center (IC3), released a public service announcement last week highlighting a growing trend of cyber‑enabled strategic cargo theft. The notice warns that threat actors are increasingly targeting the U.S. and Canadian transportation and logistics sectors by impersonating legitimate brokers, carriers, and related service providers. By exploiting compromised computer systems and deceptive communications, criminals are able to reroute high‑value freight and resell the stolen goods, prompting the FBI to issue actionable guidance for industry stakeholders.
Scale of Financial Losses in 2025
According to the alert, cargo‑theft losses in the United States and Canada surged to almost US $725 million in 2025, representing a 60 % increase compared with 2024. The number of confirmed cargo‑theft incidents rose by 18 % over the same period, indicating that the rise in losses is driven not only by more frequent attacks but also by higher‑value targets. The average loss per theft climbed 36 % to $273,990, underscoring that attackers are focusing on shipments containing premium electronics, pharmaceuticals, machinery, and other high‑margin commodities.
How Attackers Gain Initial Access
The FBI describes a typical intrusion chain that begins with social engineering: phishing emails bearing spoofed sender addresses or malicious URLs lure employees of brokers and carriers into divulging credentials or downloading remote‑access tools. Once the attackers obtain valid login credentials, they hijack carrier or broker accounts, establishing a foothold inside the victim’s logistics IT environment. This initial compromise is often stealthy, allowing threat actors to remain undetected while they manipulate internal systems and external communications.
Exploitation of Load Boards and Shipment Data
With unauthorized access secured, the perpetrators flood public and private truck‑load boards with tens of thousands of fraudulent postings that mimic legitimate freight offers. Simultaneously, they use the hijacked identities to bid on genuine shipments, effectively double‑brokering loads to unsuspecting drivers. By altering critical documentation—such as bills of lading, delivery instructions, and carrier contact details—the criminals can redirect cargo to alternate locations without raising immediate suspicion. This dual approach maximizes the volume of stolen goods while diluting the chances of early detection.
Techniques Used to Sustain the Deception
To prolong the window of opportunity, threat actors modify carrier contact and insurance information on file with regulators, creating inconsistencies that delay alerts when shipments fail to arrive at their intended destinations. They may also employ cross‑docking or transloading at intermediate facilities controlled by accomplices, further obscuring the cargo’s trail. In some cases, after the physical theft is completed, the perpetrators issue ransom notes demanding payment in exchange for revealing the shipment’s whereabouts, adding an extortion layer to the crime.
Warning Signs for Organizations
The FBI advises logistics firms to monitor for several indicators of compromise. Unexpected communications—such as emails or phone calls from brokers, dispatchers, or carriers referencing shipments made under a company’s name without prior authorization—should raise immediate suspicion. Email spoofing is common; attackers often use free email providers to mimic legitimate domains, altering a single character, adding punctuation, or substituting top‑level domains (e.g., .co instead of .com). Additionally, requests to download files from shortened or obscure links, especially those framed as “resolving” negative service reviews, frequently precede malware installation.
Technical Artifacts of Compromised Accounts
Inside breached mailboxes, investigators may observe newly created or altered mailbox rules: automatic forwarding to external addresses, rules that delete certain messages, or hidden folders designed to conceal malicious activity. These settings enable attackers to exfiltrate data, maintain persistence, and evade detection by security tools that rely on standard mailbox behavior. Regular audits of mailbox configurations and anomaly‑based alerts can help surface such manipulations before they are exploited for cargo theft.
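One way to run the mailbox-rule audit described above, as an added example that is not part of the FBI notice or of any mail platform's tooling. It assumes rules have been exported as dictionaries; the field names, the internal domain, and the list of rarely opened folders are assumptions for illustration.

```python
# Added example. Field names (mailbox, name, forward_to, delete, move_to_folder)
# are an assumed export shape, not a specific mail platform's schema.
INTERNAL_DOMAINS = {"examplecarrier.test"}  # constructed
# Assumed list of folders users rarely open; tune to your environment.
RARELY_READ = {"rss feeds", "rss subscriptions", "conversation history"}

def domain_of(address):
    return address.rsplit("@", 1)[-1].strip().lower()

def audit_rule(rule, internal=INTERNAL_DOMAINS):
    """Return the reasons a single mailbox rule deserves review."""
    findings = []
    # Forwarding is only suspicious when a recipient is outside the organisation.
    external = sorted(a for a in rule.get("forward_to") or []
                      if domain_of(a) not in internal)
    if external:
        findings.append("external-forward:" + ",".join(external))
    if rule.get("delete"):
        findings.append("auto-delete")
    folder = (rule.get("move_to_folder") or "").strip().lower()
    if folder in RARELY_READ:
        findings.append("hides-mail-in:" + folder)
    return findings

def audit_mailboxes(rules):
    """Map (mailbox, rule name) -> findings, for rules with any finding."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[(rule["mailbox"], rule.get("name") or "")] = findings
    return report

# Constructed export of three rules.
SAMPLE_RULES = [
    {"mailbox": "dispatch@examplecarrier.test", "name": "Newsletters",
     "forward_to": [], "delete": False, "move_to_folder": "Archive"},
    {"mailbox": "dispatch@examplecarrier.test", "name": "fwd",
     "forward_to": ["loads.copy@freemail.test"], "delete": True},
    {"mailbox": "billing@examplecarrier.test", "name": "sync",
     "forward_to": ["ops@examplecarrier.test"], "move_to_folder": "RSS Feeds"},
]

if __name__ == "__main__":
    for key, why in audit_mailboxes(SAMPLE_RULES).items():
        print(key, why)
```

Comparing each run's report with the previous one surfaces newly created or altered rules, which is the signal the alert calls out.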
Domain and Communication Spoofing Tactics
Beyond email address manipulation, threat actors register domains that closely resemble those of trusted partners—introducing extra hyphens, misspelling company names, or using similar‑looking characters (e.g., “rn” instead of “m”). Phone‑based social engineering is also prevalent, with attackers employing short‑lived Voice over Internet Protocol (VoIP) numbers or applications that can be quickly discarded after a call. Some of these numbers have been traced to overseas call centers, complicating attribution and law‑enforcement response.
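The sender-address and domain variations described in this section and under "Warning Signs for Organizations" can be screened for mechanically. The following is an added example, not code from the FBI notice; the trusted-partner list, the confusable-character table beyond the article's "rn"/"m" pair, and the sample addresses are constructed for illustration.

```python
# Added example. TRUSTED is a constructed partner list; a real one would come
# from the broker's or carrier's own verified-contact records.
TRUSTED = ("acmefreight.com", "summitlogistics.com")
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
# Sequences that read like another letter ("rn" for "m" is the article's example).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def skeleton(label):
    """Drop hyphens and dots, then fold confusable sequences to one form."""
    label = label.lower().replace("-", "").replace(".", "")
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(address, trusted=TRUSTED):
    """Return (verdict, trusted domain it resembles or None)."""
    local, _, domain = address.strip().lower().rpartition("@")
    if domain in trusted:
        return ("trusted", domain)
    name, _, tld = domain.rpartition(".")  # assumes a single-label TLD
    for t in trusted:
        t_name, _, t_tld = t.rpartition(".")
        if domain in FREE_MAIL:
            # Partner name carried in the local part of a free-mail address.
            if skeleton(t_name) in skeleton(local):
                return ("partner-name-on-free-mail", t)
        elif name == t_name and tld != t_tld:
            return ("tld-swap", t)
        elif skeleton(name) == skeleton(t_name):
            return ("lookalike", t)  # extra hyphens or confusable characters
        elif edit_distance(name, t_name) == 1:
            return ("one-character-change", t)
    return ("free-mail" if domain in FREE_MAIL else "unknown", None)

# Constructed sender addresses.
SAMPLES = ["dispatch@acmefreight.co", "ops@acrnefreight.com",
           "ops@summit-logistics.com", "acmefreight.dispatch@gmail.com"]
if __name__ == "__main__":
    for s in SAMPLES:
        print(s, classify(s))
```

A "trusted" verdict only means the domain string matches a known partner; whether the message really came from that domain is what SPF, DKIM, and DMARC evaluation answers.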
Recommended Defensive Measures
To counter these threats, the FBI recommends a layered defense strategy. Organizations should enforce multi‑factor authentication (MFA) on all logistics‑system access points, conduct regular phishing‑simulation training for employees, and implement email‑authentication protocols such as DMARC, DKIM, and SPF to reduce spoofing success. Continuous monitoring of load‑board postings for abnormal volumes or mismatched carrier information can detect fraudulent listings early. Finally, establishing clear verification procedures—such as confirming load details through secondary channels before accepting a shipment—can significantly reduce the likelihood of falling victim to cyber‑enabled cargo theft.

