The FBI has issued a formal warning to the transportation and logistics sector documenting a surge in cyber-enabled cargo theft operations that resulted in losses exceeding $725 million in 2025 — a 312% increase over the previous year. Unlike traditional physical cargo theft, these operations use digital intrusion techniques including phishing, freight marketplace account takeover, and broker identity impersonation to redirect shipments in transit, with criminals collecting and reselling goods before legitimate shippers detect the diversion.
How Cyber-Enabled Cargo Theft Works
The FBI advisory documents three primary cyber-enabled theft methodologies operating at scale:
Freight broker impersonation: Criminals register domains that closely mimic legitimate freight brokerage companies and use these to create fraudulent load postings on freight marketplaces and load boards (DAT, Truckstop.com). Carriers accepting these loads deliver goods to attacker-controlled pickup locations. The impersonating email domains often differ from a legitimate broker’s domain by a single changed character or an added hyphen, exploiting the fact that many carriers coordinate loads by email rather than through verified platform-based communication.
Load board account takeover: Credential phishing campaigns specifically target freight broker and carrier login credentials for major load board platforms. With compromised accounts, attackers modify existing load postings in transit — changing pickup or delivery addresses to redirect shipments that are already en route. This method is particularly difficult to detect because the load appears legitimate in the marketplace’s records up until the address change.
Third-party logistics (3PL) system compromise: Several confirmed incidents involved direct compromise of 3PL providers’ transportation management systems (TMS), giving attackers the ability to modify delivery instructions, create fraudulent proof-of-delivery records, and redirect high-value shipments without triggering alerts in the shipper’s own systems. The 3PL attack vector creates a supply chain compromise where a single breach affects multiple shipper customers.
Most Targeted Cargo
The advisory identifies electronics, pharmaceuticals, food and beverage products, and medical devices as the most frequently targeted cargo categories. High-value pharmaceuticals — particularly GLP-1 medications and oncology treatments — have been specifically targeted in multiple confirmed incidents, with street value creating strong criminal incentives. Electronics including semiconductors, laptops, and networking equipment represent the highest average per-incident loss.
Geographically, the FBI notes elevated attack frequency on routes between major distribution hubs in Texas, California, and the eastern seaboard, consistent with the highest-density freight corridors.
Indicators and Recommended Controls
Indicators of freight diversion attacks include:
- Unexpected address modification requests received via email after load assignment, particularly with urgency framing
- Carrier contact details or MC numbers that do not match records in FMCSA’s Carrier Search
- Requests to communicate outside the freight marketplace platform (e.g., being asked to confirm details via WhatsApp or personal email)
- Delivery confirmation from unexpected locations or by drivers not matching the originally contracted carrier
Recommended actions for logistics and supply chain security teams:
- Implement carrier vetting workflows — verify every carrier’s FMCSA licence status and contact information independently before tendering loads; do not rely solely on marketplace records, which may reflect compromised account information.
- Require out-of-band confirmation for mid-transit address changes — establish a callback verification policy requiring phone confirmation to a verified number before processing any delivery address modification received via email or platform message.
- Enable MFA on all freight marketplace and TMS accounts — load board platform accounts and 3PL system credentials should require multi-factor authentication; audit which accounts hold active load modification rights.
- Establish high-value shipment tracking requirements — for shipments exceeding a defined value threshold, require real-time GPS tracking on the transport unit and set alerts for route deviations exceeding a defined distance.
- Brief procurement and logistics teams on broker impersonation — domain impersonation attacks succeed because operations staff are not trained to scrutinise broker contact details; include freight fraud scenarios in security awareness training for logistics personnel.
- Review 3PL provider security posture — request security questionnaires and evidence of MFA enforcement, access control reviews, and incident response capabilities from 3PL partners with TMS access to your shipment data.
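As an added example (not code from the FBI advisory or from this article), the following Python check compares a sender's email domain against a list of independently verified broker domains and flags the single-character and added-hyphen lookalikes described under freight broker impersonation. It generalises "single character change" to any one-character substitution, insertion, deletion or adjacent swap; the broker domains, function names and sender addresses are constructed for illustration.

```python
# Constructed allow-list; in practice, load it from independently vetted broker records.
VERIFIED_BROKERS = {"acme-freight.example", "northstarlogistics.example"}


def sender_domain(address: str) -> str:
    """Lower-cased domain of an email address (or of a bare domain)."""
    return address.strip().rsplit("@", 1)[-1].rstrip(".").lower()


def one_edit_apart(a: str, b: str) -> bool:
    """True if a and b differ by exactly one substitution, insertion,
    deletion, or swap of two adjacent characters."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = 0
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1  # skip the common prefix
    if len(a) == len(b):
        if a[i + 1:] == b[i + 1:]:
            return True  # one substituted character
        return a[i:i + 2] == b[i:i + 2][::-1] and a[i + 2:] == b[i + 2:]
    short, long_ = (a, b) if len(a) < len(b) else (b, a)
    return short[i:] == long_[i + 1:]  # one inserted or deleted character


def classify(address: str, verified=VERIFIED_BROKERS) -> tuple:
    """Return (verdict, imitated_domain) for a sender address."""
    domain = sender_domain(address)
    if domain in verified:
        return ("verified", domain)
    for good in sorted(verified):
        # Same name once hyphens are ignored: an added (or dropped) hyphen.
        if domain.replace("-", "") == good.replace("-", ""):
            return ("lookalike-hyphen", good)
        if one_edit_apart(domain, good):
            return ("lookalike-one-char", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sender addresses, not taken from the advisory.
    for sender in ("dispatch@acme-freight.example",
                   "dispatch@acme-frieght.example",
                   "loads@north-star-logistics.example",
                   "ops@unrelated-carrier.example"):
        print(sender, "->", classify(sender))
```

A "verified" verdict only means the domain is on the vetted list; it says nothing about whether the account behind it has been taken over, so the callback requirement for address changes still applies.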