The FBI says cyber-enabled cargo theft jumped in 2025. Here’s how attackers hijack brokers and what logistics teams can do now.
The FBI is warning that cyber-enabled cargo theft is accelerating fast, targeting freight brokers and carriers with phishing, spoofed emails, and hijacked identities.
In 2025, the FBI estimates losses in the U.S.. and Canada from these incidents reached nearly $725 million—about a 60% increase year over year.. Alongside that dollar figure, the number of confirmed cargo theft incidents rose 18%, while the average value per theft jumped 36% to $273,990.. The pattern points to criminals becoming more selective, going after higher-value loads rather than broad, low-impact theft.
The FBI says the schemes have a clear digital entry point.. Threat actors have been infiltrating broker and carrier systems using spoofed emails and fake web links at least since 2024.. Once they’re inside, attackers don’t just steal data—they manufacture the conditions to divert real shipments.. They post fraudulent load listings on online load boards. impersonate legitimate companies. and then trick carriers into taking the bait through malicious files or compromised credentials.
The flow described by the FBI is methodical: first, compromise.. Employees are lured to phishing sites that install remote monitoring software, giving attackers visibility and a foothold.. From there. criminals can operate quietly inside the environment. preparing the next move—mass posting of fake freight listings that can number in the tens of thousands.. Then the attackers pivot from access to execution: accepting real shipments using stolen carrier identities and rerouting them to drivers who are complicit or connected to the theft pipeline.
What makes this especially damaging is how it delays detection and protects the criminals.. The FBI reports that attackers can alter compromised carriers’ registration details with the Federal Motor Carrier Safety Administration and update insurance records. meaning the first “signal” a victim company sees may be missing shipments that were booked under its name—without its knowledge.
A concrete example referenced in the FBI warning involves the Diesel Vortex financially motivated threat group.. A monitoring report tied that activity to credential theft from freight and logistics operators through phishing attacks that had been running since September 2025. using dozens of domains.. For logistics operators. these details matter because they suggest attackers aren’t relying on one-off lures; they’re iterating infrastructure to stay ahead of defenses.
For shippers, brokers, carriers, and insurers, the human impact shows up as more than stolen cargo.. It’s delayed deliveries. disrupted schedules. costly claims. and the operational drag of incident response—time spent locking accounts. validating documentation. and triaging whether a shipment diversion is cyber-related or a purely physical security failure.. In a sector where trust and speed are built into day-to-day workflows. a single compromised mailbox or login can cascade into real-world losses before anyone realizes the rules have been rewritten.
There’s also a broader trend here: cybercrime is increasingly borrowing logistics language and process mechanics.. Load boards, broker-carrier coordination, and identity verification are all designed to reduce friction.. Attackers are turning that same friction reduction into an advantage—speeding up fraud while making legitimate verification steps look like normal business traffic.
The FBI’s recommended countermeasures focus on tightening verification and slowing the attacker’s ability to act on compromised identities.. Companies are urged to verify shipment requests through secondary channels. implement and enforce multi-factor authentication where possible. and validate unexpected communications using a two-factor authentication process.. The FBI also emphasizes maintaining detailed records of vehicles and drivers. which can help investigators and internal teams connect diverted loads to the timing and scope of the compromise.
For victims. the guidance is practical: file a complaint with the Internet Crime Complaint Center (IC3) in addition to reporting the stolen cargo through police channels.. The FBI notes that in its 2025 Internet Crime Report. IC3 received over 1 million complaints last year tied to nearly $21 billion in reported losses across cyber-enabled crime categories such as business email compromise and data breaches.
In short, the warning from Misryoum focus is clear: cargo theft is no longer purely a physical crime.. It’s increasingly a cyber-enabled operation that blends access, impersonation, and operational disruption.. The organizations that reduce risk fastest will be the ones that treat identity verification and account security as core logistics infrastructure—not an IT afterthought.