SecurityWeek

FBI Warns of Surge in Hacker-Enabled Cargo Theft

A new alert from the FBI says criminal enterprises are hacking both brokers and carriers to steal cargo for resale.

A new alert issued by the FBI warns of a surge in cyber-enabled cargo theft, with hackers targeting both brokers and carriers in sophisticated attacks.

The FBI’s warning is not surprising. In late 2025, cybersecurity firm Proofpoint reported observing such attacks. At around the same time, the National Motor Freight Traffic Association (NMFTA) warned the logistics and transportation industry that traditional cargo theft is being rapidly replaced by cyber-enabled heists. 

Cargo theft caused more than $700 million in losses in 2025 — a 60% increase over 2024 — driven by criminal gangs targeting high-value goods.

According to the FBI, cargo theft enabled by hackers has been observed since at least 2024. Threat actors are using fake emails, phishing sites, malware, and remote management software to achieve their goals.

The agency has described a typical attack scenario. It begins with an email sent to a shipping broker. These emails often look like routine business requests or complaints, but they contain links pointing to malicious websites set up to serve malware and remote access tools that give the attackers complete control over the targeted company’s internal systems.

The attackers also abuse trucking load boards, where companies post available freight and carriers look for jobs. Compromised broker accounts are used to post fake listings to lure legitimate carriers, tricking them into downloading malware that gives the attackers access to their systems.

The hackers then use the stolen carrier identities to bid on real, high-value shipments. To look more legitimate, they even hack into federal databases to update insurance information and contact details.

Once the thieves win a contract, they perform an illegal double-brokering maneuver, hiring a different, potentially unsuspecting driver to pick up the goods. The obtained loads are cross-docked or transloaded (i.e., quickly picked up from the warehouse where they were dropped off or directly transferred to a complicit carrier) to be sold on the black market.

In some cases, the thieves even hold the cargo for ransom, demanding payment from the original broker just to reveal where the stolen goods are hidden.

The FBI has shared indicators that companies can use to determine whether they are being targeted in such schemes. Indicators include contact about unauthorized shipments, suspicious email addresses, requests to download documents or forms via shortened or spoofed links, and unauthorized forwarding or autodeletion rules in email accounts.
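One of those indicators, forwarding or autodeletion rules in email accounts, can be checked mechanically. The following is an added example, not code from the FBI alert or from SecurityWeek: it audits a constructed set of inbox rules and flags for review any rule that forwards mail outside the organization or deletes it automatically. The rule schema, domain names and folder names are assumptions made for the illustration.

```python
# Constructed sample: inbox rules in a hypothetical export schema (not a real product format).
SAMPLE_RULES = [
    {"mailbox": "dispatch@broker.example", "name": "Carrier packets",
     "forward_to": ["ops@broker.example"], "delete": False, "move_to": None},
    {"mailbox": "dispatch@broker.example", "name": ".",
     "forward_to": ["loads@Freight-Mail.example"], "delete": True, "move_to": None},
    {"mailbox": "billing@broker.example", "name": "cleanup",
     "forward_to": [], "delete": False, "move_to": "Deleted Items"},
    {"mailbox": "billing@broker.example", "name": "Invoices",
     "forward_to": ["ap@eu.broker.example"], "delete": False, "move_to": "Invoices"},
]

INTERNAL_DOMAINS = {"broker.example"}       # assumption: the organization's own mail domains
TRASH_FOLDERS = {"deleted items", "trash"}  # assumption: folders treated as deletion


def is_internal(address, internal_domains=INTERNAL_DOMAINS):
    """True if the address's domain is an internal domain or a subdomain of one."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in internal_domains)


def audit_rule(rule):
    """Return the reasons a rule needs review (empty list if none)."""
    reasons = []
    external = [a for a in rule.get("forward_to") or [] if not is_internal(a)]
    if external:
        reasons.append("forwards to external: " + ", ".join(sorted(external)))
    folder = (rule.get("move_to") or "").strip().lower()
    if rule.get("delete") or folder in TRASH_FOLDERS:
        reasons.append("auto-deletes matching mail")
    return reasons


def audit(rules):
    """Map (mailbox, rule name) -> reasons for every rule that needs review."""
    findings = {}
    for rule in rules:
        reasons = audit_rule(rule)
        if reasons:
            findings[(rule["mailbox"], rule["name"])] = reasons
    return findings


if __name__ == "__main__":
    for (mailbox, name), reasons in audit(SAMPLE_RULES).items():
        print(f"{mailbox} rule {name!r}: {'; '.join(reasons)}")
```

A flagged rule is a prompt to ask the mailbox owner whether they created it; the script cannot tell an authorized rule from an unauthorized one.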

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
