When the famed criminal Willie Sutton was asked why he robbed banks, he quipped, “Because that’s where the money is,” according to U.S. Federal Bureau of Investigation (FBI) lore. A century later, a new generation of thieves has traded in Sutton’s famous pistol for a laptop keyboard and found a much bigger target than neighborhood banks—the huge flow of freight that rolls down American highways every day in thousands of 18-wheel trucks.
By adopting the tools of the computer hacker, these thieves have discovered an effective strategy, and incidents of freight theft have been climbing fast. The spoils can be lucrative, with the estimated average value of an individual theft now exceeding $202,000, according to the National Insurance Crime Bureau (NICB), a nonprofit dedicated to preventing insurance fraud and crime. At that rate, the losses add up quickly. The value of stolen merchandise and estimated losses eclipsed $1 billion in 2023, rose by 27% in 2024, and is projected to rise another 22% by the end of 2025.
Attracted by those high payouts, organized crime groups are using high-tech tools to steal cargo loads in ever-more creative ways, using strategies like identity theft, fraudulent pickups, and cyber-enabled “logistics manipulation”—which is essentially using digital technology to exploit vulnerabilities in logistics networks, the group says. “Weaknesses in common-use business technologies like voice-over-internet protocol (VoIP) and GPS, coupled with business email compromises, identity theft, and synthetic identities, enable sophisticated criminals to reroute high-value consumer goods such as electronics, medicine, and clothing from their intended destination to the black market,” NICB President and CEO David J. Glawe said in a statement.
The scams can work in a variety of ways, but a common ploy is for thieves to impersonate a trusted logistics partner. Then when they drive their truck up to a warehouse dock and display official-looking paperwork or an online contract, the distribution center gladly loads up their truck with valuable goods and sends them on their way. The theft may not even be detected until days later when the intended recipient complains that the load never arrived.
To win this game of wits, shippers need to stay abreast of the latest schemes so they’ll recognize the signs of a potential fraud. Fortunately, several industry sources offer training sessions and educational resources to help get the word out. But thieves are always hustling to stay one step ahead.
HACKERS GET CREATIVE
Sophisticated cyberthreats can be particularly difficult to deflect for an industry like the U.S. trucking business, where the great majority of drivers are employed by small fleets and therefore lack information technology (IT) departments or formal training in cyberdefense. According to the American Trucking Associations (ATA), 91.5% of the nation’s 580,000 commercial trucking fleets operate 10 or fewer trucks. Put another way, 86% of trucks on the road belong to fleets of six trucks or fewer, according to the Owner-Operator Independent Drivers Association (OOIDA).
That can make them easy targets for thieves, who appear to be doubling down on their efforts to fool new victims and evade law enforcement. “We anticipate criminals to continue to leverage [fake] placards as well as emerging technology, such as artificial intelligence, cybersecurity vulnerabilities, [and] other methods, to cultivate new fraudulent ways to steal cargo,” the British management advisory firm BSI Consulting said in its “Q3 Supply Chain Risk Exposure Evaluation Network (SCREEN) Report.” “Additionally, we anticipate them continuing to evolve techniques to evade law enforcement. In addition to evolving tactics, we anticipate more criminal groups to engage in fraudulent and strategic thefts in more areas of the United States.”
For example, recent years have seen an increase in “phishing” or “spear-phishing” attempts against carriers, where hackers try to fool workers into sharing computer passwords and other “personally identifiable information” (PII).
In that scenario, a fraudster may ask an owner/operator to fill out a form that includes, say, their log-in credentials, explains Danielle Spinelli, an account executive at software developer Descartes Systems Group who specializes in studying freight theft. Once the hacker has gained access to a driver’s email system—such as a Gmail, Yahoo, or Hotmail account—they can impersonate that victim in future email exchanges or even in postings on a loadboard.
Hackers have also become adept at defeating the physical technology designed to deter them, such as the tracking tags that many shippers attach to pallets before loading them into a trailer, she says. For example, some thieves have placed an empty paint can over a sensor designed to detect the light emitted when a trailer door is opened, allowing them to access that pallet at will. In other cases, robbers have actually removed the entire back-door section of a truck trailer in order to avoid triggering the sensor that notifies security personnel when those doors are opened.
“The bad guys have learned the trade; they’ve learned the loopholes,” Spinelli says. “For good security, people in all roles should be careful: not just the carrier, but [players from] every sector of the industry—warehousing, shipping, dockworkers, and also brokers. In the past, some brokers have been hesitant to report their stories because they didn’t want to damage their reputation. So freight theft is often underreported.”
GET YOUR CYBER-EDUCATION
For fleets and drivers up against these challenges, Spinelli says the best defense is to continually educate themselves on the latest scams. In a world where many truckers lack access to cyberdefense training from their own companies, industry groups have stepped in to offer security-focused newsletters, webinars, and videos. Examples include the National Motor Freight Traffic Association’s free education programs and Descartes’ own “My Carrier Portal” site.
Other industry groups have developed protocols that brokers, carriers, or drivers can follow to protect themselves against cybertheft. For instance, the Transported Asset Protection Association Americas, a nonprofit formed in 1997 to tackle the multibillion dollar problem of cargo theft, recently released its Freight Broker Security Requirements (FBSR) Standard, a framework designed to elevate security offerings across the freight brokerage industry.
BSI’s consultants also have some advice for operators looking to deter cargo thieves. They recommend a multifaceted approach that incorporates intelligence, technology, physical security, and employee training but also emphasize the role of human oversight and vigilance. To reduce fraudulent pickups, for instance, they recommend that companies make sure the carrier has provided a legitimate address and is not using a P.O. box or an untraceable location; call the carrier to speak directly with someone and confirm their legitimacy; train everyone at the site to check IDs and confirm that the driver holds a commercial driver’s license (CDL); and record basic information about the vehicles picking up freight, including type, markings, license plates, and trailer or container numbers.
Sophisticated crime groups are turning modern technology against the fleets and truckers hauling freight around the nation. Experts agree the problem will continue to grow in coming years. But supply chain professionals should not lose hope, they say. By subscribing to freight industry training programs, they can stay up to date on the latest threats and shore up their defenses against the rising tide of cybertheft.
