The Federal Bureau of Investigation (FBI) has issued a public warning over a sharp rise in cyber-enabled cargo theft, as threat actors increasingly use digital tactics to impersonate legitimate businesses, hijack freight, and steal high-value shipments.
According to the FBI, cybercriminals are targeting transportation and logistics companies involved in shipping, receiving, and insuring cargo. The agency said these attacks have been ongoing since at least 2024 and are now becoming more sophisticated and widespread.
Losses linked to cyber-enabled cargo theft have surged significantly. In 2025, estimated cargo theft losses in the United States and Canada reached nearly $725 million, marking a 60 percent increase from the previous year.
Confirmed incidents rose by 18 percent, while the average value per theft increased by 36 percent to $273,990, reflecting a shift toward more targeted, high-value shipments.
How Cyber-Enabled Cargo Theft Works
The FBI outlined a structured, multi-step process used in cyber-enabled cargo theft schemes. Attackers begin by compromising accounts of brokers and carriers through phishing techniques such as spoofed emails, fake websites, and malicious links.
Victims are often sent emails posing as legitimate business communications, such as carrier agreements or service complaints. These emails include links that lead to phishing websites designed to mimic trusted platforms. Once accessed, these sites deploy malware or remote monitoring tools, allowing attackers to gain full control over systems without detection.
After gaining access, cybercriminals exploit online freight marketplaces known as load boards. They impersonate legitimate brokers or carriers and post fake shipment listings, sometimes in large volumes. Unsuspecting carriers bid on these listings and are further compromised through fraudulent agreements or malicious downloads.
In the next stage, attackers use the compromised accounts to accept real shipment contracts. They then engage in illegal double-brokering, rerouting freight to unintended locations. Shipment documents are manipulated, including bills of lading, and delivery destinations are altered without the knowledge of the original parties.
The final stage of cyber-enabled cargo theft involves physically diverting the cargo. Goods are transferred through cross-docking or transloading to other drivers, often complicit, and then stolen for resale. In some cases, attackers demand ransom payments in exchange for information about the shipment’s location.
Indicators of Cyber-Enabled Cargo Theft
The FBI has identified several warning signs that may indicate a cyber-enabled cargo theft attempt. These include unexpected communications regarding shipments made in a company’s name, spoofed email domains, and requests to download documents from suspicious links.
Other indicators include emails referencing negative service reviews with embedded links, unauthorized changes to email account settings, and slight variations in domain names designed to mimic legitimate organisations. Attackers may also use temporary or internet-based phone numbers to communicate with victims.
These tactics are designed to create a sense of urgency or legitimacy, increasing the likelihood that employees will engage with malicious content.
Steps to Prevent Theft
To reduce the risk of cyber-enabled cargo theft, the FBI is urging organisations to adopt stronger verification and security practices. Companies are advised to independently confirm shipment requests using multiple communication channels before releasing goods.
The agency recommends implementing multi-layer verification processes and not relying solely on familiar names or email addresses. Businesses should also maintain detailed records of all transactions, including driver identification, vehicle details, and communication logs, to support investigations if needed.
Recognising phishing attempts and avoiding interaction with suspicious links remain critical preventive measures.
Reporting Theft Incidents
The FBI has encouraged victims of cyber-enabled cargo theft to report incidents promptly. In addition to contacting local law enforcement, affected organisations should file complaints with the Internet Crime Complaint Center (IC3) or reach out to their nearest FBI field office.
The agency said timely reporting can help identify patterns, disrupt criminal networks, and prevent further losses across the logistics sector.
