The U.S. FBI (Federal Bureau of Investigation), through its Internet Crime Complaint Center, warned in a public service announcement that cyber-enabled strategic cargo theft is surging, as threat actors increasingly impersonate legitimate brokers and carriers to hijack freight and reroute high-value shipments for resale. Losses reached nearly US$725 million across the U.S. and Canada in 2025, marking a 60% year over year increase, with incidents up 18% and average losses per theft rising to $273,990.
Published last week, the FBI alert says attackers gain unauthorized access to logistics systems through phishing and spoofed communications, then post fraudulent loads or manipulate legitimate shipments.
“Cyber threat actors target US transportation and logistics sectors, including companies with interests in shipping, receiving, delivering, and insuring cargo,” the FBI alert detailed. “Since at least 2024, cyber threat actors have gained unauthorized access to the computer systems of brokers and carriers — typically via spoofed emails, fake URLs, and compromised carrier accounts. The cyber actors pose as victim companies and post fraudulent listings on load boards1 to deceive shippers, brokers, and carriers into handing over goods, which are redirected from their intended destination and stolen for resale.”
In 2025, the alert noted that the estimated cargo theft losses in the U.S. and Canada surged to nearly $725 million, marking a 60% increase from 2024, while confirmed cargo theft incidents increased by 18%. The average value per theft rose 36% to $273,990, driven by more selective, high-value targets.
The FBI outlined a coordinated, multi-step scheme behind the rise in cyber-enabled strategic cargo theft, describing how threat actors first compromise broker and carrier accounts through phishing links that deploy remote access tools, giving them undetected control of logistics systems. Once inside, attackers flood trucking load boards with tens of thousands of fraudulent listings while also bidding on legitimate shipments using hijacked identities, enabling them to double-broker loads to unsuspecting drivers and alter key documentation such as bills of lading and delivery destinations.
To sustain the deception, actors manipulate carrier contact and insurance details with regulators, delaying detection until shipments go missing. The operation culminates in the physical theft of goods, with cargo rerouted, cross-docked, or transloaded to complicit drivers for resale, and in some cases, followed by ransom demands to reveal shipment locations.
The agency called upon organizations to watch for signs of cyber-enabled cargo theft schemes, including unexpected contact from brokers, dispatchers, or carriers about shipments made in a company’s name without authorization. Indicators also include email spoofing legitimate domains through free providers, often substituting addresses for authentic ones, as well as requests to download documents from shortened or spoofed links. Messages may reference negative service reviews and prompt recipients to click links to ‘resolve’ complaints, leading to malicious downloads.
FBI noted that compromised accounts may show newly created or unauthorized mailbox rules, such as automatic forwarding to external addresses, deletion settings, or hidden folders. Additional warning signs include domains that mimic legitimate ones through subtle changes, including extra punctuation, altered top-level domains, added prefixes or suffixes, or slight misspellings.
Hackers also communicate through spoofed email addresses that insert job titles into otherwise legitimate formats, while phone contact is often made באמצעות short-lived voice over internet protocol numbers or applications, sometimes linked to overseas activity.
