FBI Says Cyber-Enabled Strategic Cargo Theft Is Surging

The Federal Bureau of Investigation in the USA has issued a Public Service Announcement (PSA) to warn the public of cyber threat actors increasingly using sophisticated, cyber-enabled tactics to impersonate legitimate businesses to hijack freight, steal high-value shipments, and reroute deliveries, resulting in a surge of strategic cargo theft.

Cyber threat actors target US transportation and logistics sectors, including companies with interests in shipping, receiving, delivering, and insuring cargo. Since at least 2024, cyber threat actors have gained unauthorized access to the computer systems of brokers and carriers — typically via spoofed emails, fake URLs, and compromised carrier accounts.

The cyber actors pose as victim companies and post fraudulent listings on load boards to deceive shippers, brokers, and carriers into handing over goods, which are redirected from their intended destination and stolen for resale. In 2025, estimated cargo theft losses in the United States and Canada surged to nearly $725 million, (60 percent increase from 2024), while confirmed cargo theft incidents increased by 18 percent. The average value per theft rose 36 percent to $273,990, driven by more selective, high-value targets.

Threat actors conducting cyber-enabled strategic cargo thefts use a multi-step process, often as follows:

• Compromise Initial Victim Accounts: Cyber threat actors impersonate and spoof brokers via email, sending links for a carrier broker agreement or to review and address poor service ratings. The links are frequently shortened, spoofed URLs. Once clicked, the targeted user is redirected to a phishing website imitating the legitimate one. The phishing website hosts a malicious executable file, which downloads other legitimate remote monitoring and management software, giving the cyber threat actors total, undetected access to the brokers’ or carriers’ systems.
• Post Fake Loads Online: Criminal threat actors access trucking load boards, where they impersonate brokers using compromised carrier accounts to post additional fake loads — sometimes in the tens of thousands. Legitimate carriers bid on the fake loads and contact the threat actors, who provide the malicious carrier broker agreement and compromise the carrier’s computer systems.
• Bids on Real Loads: Posing as the compromised carrier, criminal threat actors accept shipments and double-broker the load to partially unwitting drivers, providing manipulated bills of lading, and changing the destination of the load. To legitimize their access, criminal threat actors change the legitimate carrier’s contact information with the Federal Motor Carrier Safety Administration and update insurance information to permit loads the legitimate carrier previously did not accept. The compromised carrier may not realize they are compromised until brokers contact them about missing loads booked under their authority but without their knowledge.
• Theft of Cargo: Loads are cross-docked or transloaded to complicit drivers, who redirect the cargo from its intended destination and steal it for resale. Criminal threat actors posing as a carrier sometimes reconnect with the broker to demand a ransom for the location or additional details of the load.

You can read more about this here – https://www.ic3.gov/PSA/2026/PSA260430