In 2025 Verisk CargoNet recorded approximately $725 million in cargo crime losses across North America, while the FBI Internet Crime Complaint Center (IC3) reported roughly $21 billion in cybercrime losses for the same period — and, the author notes, both figures likely understate the true toll because many incidents go unreported.
A familiar kill chain: reconnaissance to laundering
Ben Wilkens, director of cybersecurity at the National Motor Freight Traffic Association (NMFTA), lays out a theft playbook that will be familiar to incident responders: attackers begin with open-source reconnaissance — using U.S. Department of Transportation (USDOT) numbers, Federal Motor Carrier Safety Administration (FMCSA) registry entries, motor carrier (MC) numbers, insurance details and employee data — then move to targeted phishing. Compromised dispatch, customer service or accounting accounts let the actor “listen in” to shipment notifications, load tenders and bills of lading.
From that foothold the pattern diverges from a classic ransomware campaign: instead of encrypting systems, the intruder alters operational communications — changing pallet counts, destinations or other routing details — to redirect a legitimate load to a criminal-controlled delivery point. When a fraudulent carrier is used, attackers may register a new FMCSA carrier identity using stolen but valid identifiers, book loads on real load boards and use unwitting professional drivers to pick up and deliver the cargo.
Once freight reaches a criminal warehouse it is rapidly broken down, cross-docked or re-broked under falsified paperwork and laundered back into the supply chain; perishable consumables are often sold “within hours” and consumed “within days,” complicating recovery and investigation.
How public registries and load boards are weaponized
The operation depends on systems designed for transparency and speed: publicly available USDOT and FMCSA data, real load boards and carrier registration processes. Wilkens describes straight identity theft — registering fraudulent carriers with FMCSA using stolen identification details — alongside social-engineering of trusted email accounts to inject falsified instructions into otherwise legitimate communications.
These vectors exploit the transportation sector’s reliance on rapid electronic workflows and the industry practice of integrating third-party tools “for speed and efficiency.” When those integrations are not implemented securely, they create gaps criminals can exploit.
Financial scale, perishability and underreporting
The monetary consequences can be severe. Wilkens gives concrete examples: a single tractor trailer loaded with pharmaceuticals can carry a price tag “in the millions,” while a single load of pistachios can represent “hundreds of thousands of dollars.” Yet many smaller and midsized fleets — which move a large share of the country’s freight — operate on thin margins, often lack dedicated security budgets and may choose silence over disclosure because of reputational risk.
Industry estimates cited by NMFTA indicate the majority of cargo crime in the United States now involves a cyber-enabled component. That convergence of physical theft and cyber intrusion helps explain why cargo crime figures and broader cybercrime figures are increasingly discussed together.
What this means for motor carriers, brokers, and professional truck drivers
- Motor carriers and brokers: Expect attacks that target operational email flows and registration processes as much as corporate IT. Wilkens highlights straightforward mitigations — phishing-resistant multi-factor authentication and out-of-band verification before any critical change to banking information, routing details or shipping documents — that directly address how fraudsters are altering loads and payments.
- Professional truck drivers: Many drivers are unwitting participants in these schemes. Loads booked under falsified carrier identities may appear legitimate on the surface, meaning drivers can be used as pawns between legitimate shippers and criminal warehouses.
- Third-party logistics providers and shippers: Vendor management processes and secure implementation of integrations matter; tools that promise operational efficiency can introduce exploit paths when not configured with security in mind.
NMFTA resources and the 2026 Cybersecurity Conference
NMFTA has published a Cybersecurity Cargo Crime Reduction Framework that maps cybersecurity controls to cargo crime threat vectors and offers the Road to Resilience guidebooks for fleets ranging from owner-operators to midsized carriers; both are available for free. NMFTA also oversees the Freight Fraud Prevention Hub as a central resource for motor carriers, 3PLs, brokers, shippers and professional drivers seeking educational materials and practical guidance.
The association is inviting security practitioners to its NMFTA 2026 Cybersecurity Conference, scheduled for September 29–October 2 in Long Beach, California, billed as “the only event in North America dedicated to cybersecurity in the transportation sector.” The program promises executive and technical content, hands-on exercises and tabletop sessions that span cyber-enabled cargo crime to heavy-vehicle operational-technology security.
The lesson Wilkens emphasizes is procedural rather than exotic: attackers are transplanting a familiar cyber kill chain into logistics operations, and the industry’s defensive playbook — multi-factor authentication, out-of-band verification, email security and vendor management — maps directly to the problem. NMFTA’s published frameworks and hubs are positioned as entry points for fleets that lack in-house security expertise; whether those resources, taken up at scale, will blunt a pattern that rewards low-risk, high-value thefts remains the practical question facing carriers and the broader supply chain.
