FBI Warns Cyber-Enabled Cargo Theft Surged to $725M in 2025 — Hackers Are Hijacking Freight Before It Leaves the Dock
The FBI warns cybercriminals stole nearly $725 million in cargo in 2025 — a 60% surge fueled by hackers who compromise freight broker systems, post fraudulent load board listings, and hijack high-value shipments before they leave the dock.
WASHINGTON, D.C. — The FBI issued a public service announcement Wednesday warning that cyber-enabled cargo theft has become one of the fastest-growing crime categories in North America. Since at least 2024, threat actors have been breaching the computer systems of freight brokers and carriers via spoofed emails, fake URLs, and compromised accounts — then posing as legitimate companies to post fraudulent listings on load boards, the digital marketplaces connecting shippers, brokers, and carriers. Goods are handed over willingly, then rerouted and sold. Confirmed theft incidents rose 18% in 2025, while the average value per theft jumped 36% to $273,990 — reflecting deliberate targeting of higher-value loads.
How the attack works
The methodology is straightforward and effective. Threat actors breach broker or carrier systems through phishing and spoofed email domains, then post fraudulent freight listings on load boards impersonating legitimate companies. A shipper or carrier accepts what appears to be a valid load from a trusted partner — and the goods are diverted. The criminals never need to physically intercept a shipment. They just redirect it. Named threat group Diesel Vortex used dozens of domain variants mimicking legitimate freight firms. The FBI notes attackers contacted victims via email and phone, with some incidents involving overseas numbers. The IC3 advisory details common spoofing patterns: extra punctuation (fb-i.gov), different TLDs (fbi.com), added prefixes (thefbi.gov), and misspellings (fbii.gov).
Load boards: the unregulated attack surface
Load boards are the connective tissue of the freight industry — digital platforms where shippers post available loads and carriers bid for them. They operate largely on trust with minimal identity verification. Once a criminal has one set of stolen carrier credentials or a convincing spoofed domain, load boards provide direct access to freight without physical proximity. California remains the most impacted state, with notable surges in Kern County and San Joaquin County — major corridors for agricultural and manufactured goods moving to ports. High-value technology products remain the top target category for 2026, with RAM modules, storage drives, and enterprise computing equipment specifically cited by the FBI.
What to do now
Freight brokers and carriers should implement mandatory secondary verification channels for all load assignments — phone confirmation to a known number, not a number provided in the suspicious communication. Enforce multi-factor authentication across all load board accounts and freight management systems. Maintain vehicle and driver records with photo documentation and cross-reference against historical partners before assigning loads. Train dispatch and operations staff to recognize domain spoofing patterns: extra punctuation, different TLDs, misspellings, and added prefixes are all documented FBI indicators. Report any suspected cyber-enabled cargo theft to IC3 at ic3.gov in addition to local law enforcement.
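The four spoofing patterns listed in the advisory can be checked automatically before a load assignment reaches dispatch. The following is an added example, not code from the FBI advisory or The CyberSignal; the allow-list, function names, and typo threshold are assumptions chosen for illustration.

```python
# Added example (not from the FBI advisory): flag sender domains that imitate
# a verified partner using the four spoofing patterns the advisory lists.
# Simplification: the last label is treated as the TLD, so pass the
# registrable domain (e.g. "fbi.gov"), not a subdomain.

KNOWN_PARTNERS = {"fbi.gov"}  # constructed allow-list, seeded with the advisory's example

def split_domain(domain):
    """Return (name, tld) for 'name.tld'."""
    name, _, tld = domain.rpartition(".")
    return name, tld

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(sender, known=KNOWN_PARTNERS):
    """Classify an email address or domain; returns (verdict, imitated_partner)."""
    domain = sender.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in known:
        return ("exact", domain)
    s_name, s_tld = split_domain(domain)
    for partner in sorted(known):
        p_name, p_tld = split_domain(partner)
        if s_name == p_name:
            return ("different-tld", partner)       # fbi.com
        if s_name.translate(str.maketrans("", "", "-_.")) == p_name:
            return ("extra-punctuation", partner)   # fb-i.gov
        if s_name.endswith(p_name):
            return ("added-prefix", partner)        # thefbi.gov
        # Allow one typo for short names, two for longer ones (hypothetical threshold).
        if edit_distance(s_name, p_name) <= (1 if len(p_name) < 8 else 2):
            return ("misspelling", partner)         # fbii.gov
    return ("unknown", None)

def triage(senders):
    """Map each sender to its verdict so dispatch can hold anything not 'exact'."""
    return {s: classify(s) for s in senders}
```

An "exact" verdict only means the domain is not a lookalike; because the attacks also use compromised accounts, the phone confirmation to a known number still applies.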
The CyberSignal Analysis
Signal 01 — This is BEC applied to physical goods
Cyber-enabled cargo theft is Business Email Compromise applied to freight. The attack pattern is identical: compromise or impersonate a trusted entity, insert yourself into a transaction, redirect value. The difference is that instead of redirecting a wire transfer, attackers redirect a truck. The physical dimension makes recovery nearly impossible — there is no wire recall equivalent for a diverted shipment of server hardware. Security teams in logistics who treat BEC as a finance department problem need to recognize their operations and dispatch teams face the same attack vectors.
Signal 02 — Load boards are an unverified attack surface at industrial scale
Unlike financial systems that require KYC compliance, load boards were built for speed and accessibility — which made them efficient and made them vulnerable. A criminal with one set of stolen credentials or a convincing spoofed domain can post listings that reach thousands of shippers simultaneously. The FBI's advisory is a public acknowledgment that this infrastructure has been systematically exploited for at least two years with no structural reform of identity verification requirements.
Signal 03 — A 60% loss surge signals organized, systematic escalation
A 60% year-over-year increase in losses, paired with an 18% increase in incidents and a 36% jump in average value, is not random variation. It reflects organized groups deliberately scaling operations and targeting higher-value loads. This is the same professionalization pattern seen in ransomware: initial opportunistic attacks followed by systematic optimization for maximum return per operation. The freight industry is now firmly in that optimization phase.