Digital attacks drive a new wave of cargo theft, FBI says
May 01, 2026 
The FBI warns of rising cyber cargo theft, with hackers targeting brokers and carriers. Experts say digital attacks are replacing traditional cargo theft.
The FBI has issued a Public Service Announcement (PSA) about a surge in cyber-enabled cargo theft, with hackers increasingly targeting brokers and carriers. This trend confirms earlier findings from Proofpoint and alerts from the NMFTA, which noted that traditional cargo theft is being replaced by more sophisticated, digital attacks across the logistics sector.
“The Federal Bureau of Investigation is publishing this Public Service Announcement (PSA) to warn the public of cyber threat actors increasingly using sophisticated, cyber-enabled tactics to impersonate legitimate businesses to hijack freight, steal high-value shipments, and reroute deliveries, resulting in a surge of strategic cargo theft.” reads the FBI’s PSA.
Crooks are increasingly targeting the U.S. transportation and logistics sector, including brokers and carriers. Since 2024, attackers have used phishing emails, fake websites, and compromised accounts to gain access to systems. They impersonate legitimate companies and post fake load listings to trick victims into handing over goods, which are then diverted and resold.
“Since at least 2024, cyber threat actors have gained unauthorized access to the computer systems of brokers and carriers — typically via spoofed emails, fake URLs, and compromised carrier accounts.” continues the announcement. “The cyber actors pose as victim companies and post fraudulent listings on load boards to deceive shippers, brokers, and carriers into handing over goods, which are redirected from their intended destination and stolen for resale. “
In 2025, cargo theft losses in the U.S. and Canada reached nearly $725 million, up 60% from 2024. Incidents rose 18%, while the average loss per theft increased 36% to $273,990, reflecting a shift toward fewer but higher-value targets.
Cyber-enabled cargo theft follows a structured, multi-step scheme. Attackers first compromise broker or carrier accounts using phishing emails and fake links that install remote access tools. With control of these systems, they impersonate companies and post fake loads on trucking platforms, tricking legitimate carriers into engaging and sometimes infecting them too.
Next, criminals pose as trusted carriers to accept real shipments, then “double-broker” them to unsuspecting drivers while altering documents and delivery details. They may even update official records to appear legitimate.
Finally, the cargo gets redirected, transferred to complicit drivers, and stolen for resale. In some cases, attackers demand ransom to reveal shipment details or location.
The PSA includes indicators to spot cyber-enabled cargo theft attacks. These include unexpected contacts about shipments made in their name without authorization, and emails that mimic real domains but use free providers or slight variations. Messages may push users to click shortened or spoofed links, often tied to fake complaints or documents that deliver malware.
Other red flags include new or suspicious mailbox rules, such as auto-forwarding or deletion. Attackers also use altered email addresses with small changes or added titles. Communication often comes via email or short-lived VoIP phone numbers, sometimes linked to overseas activity.
To prevent cargo theft, businesses should verify shipments using independent and multiple channels before releasing goods. Do not trust names or emails alone—confirm requests with additional authentication. Keep detailed records of drivers, vehicles, and transactions to support investigations and reduce fraud risks.
Companies can spot cyber-enabled cargo theft through several warning signs. These include unexpected contacts about shipments made in their name without authorization, and emails that mimic real domains but use free providers or slight variations. Messages may push users to click shortened or spoofed links, often tied to fake complaints or documents that deliver malware.
Other red flags include new or suspicious mailbox rules, such as auto-forwarding or deletion. Attackers also use altered email addresses with small changes or added titles. Communication often comes via email or short-lived VoIP phone numbers, sometimes linked to overseas activity.
FBI recommends businesses should verify shipments using independent and multiple channels before releasing goods. Do not trust names or emails alone, confirm requests with additional authentication. Keep detailed records of drivers, vehicles, and transactions to support investigations and reduce fraud risks.
Recently Proofpoint researchers observed crooks targeting trucking and logistics companies, running coordinated remote access campaigns to steal cargo and divert payments. These attacks appear to be linked to organized crime.
The findings highlight a growing trend of cyber-enabled cargo theft, where digital intrusions directly support real-world crime. This threat is expanding rapidly, with losses in North America reaching $6.6 billion in 2025, showing how cyberattacks are increasingly used to disrupt supply chains and generate profit.
In November 2025, Proofpoint first reported cybercriminals were targeting trucking and logistics firms with RMM tools (remote monitoring and management software) to steal freight. Active since June 2025, the group works with organized crime to loot goods, mainly food and beverages.
Crooks infiltrate logistics firms, hijack cargo bids, and steal goods, fueling the rise of cyber-enabled freight theft.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, cargo theft)
