The logistics industry has become increasingly impacted by phishing attacks and it looks like sophisticated hackers are eyeing brokers and carriers utilizing load board DAT.
On Friday, the industry newsletter Freight Caviar posted an email titled “WE HAD TO CANCEL SETUP: YOU HAVE A REPORT” from an address designated as DAT ONE with case@onedatfreight.com credentials.
The email had sent a fake Carrier411 Freight Guard Report requesting the user respond to the report at onedatfreight.com. DAT’s actual website address is one.dat.com.
The two sites are nearly identical, with only a few varying features, including an “Issues with Login” pop-up.
The IP address shows a company called Beget LLC out of St. Petersburg, Russia, is currently hosting the fake site.
Likely, the fake DAT website steals the usernames and passwords of those who respond to the email. Once someone has acquired this information, he or she can log in to the real DAT ONE site and post or win loads under the identification of a real broker or carrier to fraudulently phish loads, steal loads in transit or double broker loads.
Related: It’s time for massive load board players to take responsibility for fraud
According to load board Truckstop.com, marketplace fraud increased 400% from the fourth quarter of 2021 to the fourth quarter of 2022. This is the highest level the industry has seen since the tracking of fraud reports began in 2004.
DAT told FreightWaves on Friday that it is aware of the post shared on X and appreciated the post.
“Fighting fraud is a community effort,” said Annabel Reeves, communication director at DAT.
She explained if customers think they have received a phishing email impersonating DAT or believe their DAT credentials have been compromised they should reach out to their customer service department right away and report the bad actor. She also suggested they send a screenshot of the message to customer service and not forward the actual phishing email to them.
Reeves also noted that even if a username and password are obtained by a hacker, DAT now uses multi-factor authentication to verify log in attempts.
“The sophistication of phishing scams continues to grow. We’re continuing to invest heavily in technology and AI, as well as our Network Integrity Unit, but ‘saying something when you see something’ is essential as well,” she explained while sharing the company’s fraud alert educational document.
If you have a story on load board fraud to share, please email gsharkey@www.freightwaves.com.
Elle
DAT is the only loadboard we use. This summer we had 5 carriers call us for a set of loads that we had posted on DAT. So they all had DAT accounts, whether they were legit or not, and when we went to vett them for onboarding, every single one of them was fraudulent, using someone else’s MC/USDOT and they all faked insurance certifications. As instructed by DAT, I filed reports with DAT, USDOT, FMCSA and the FBI cyber fraud department. Only the USDOT responded with “we don’t have primary oversight. Our file is closed, and we are unable to reply to further communications regarding this matter.” I’ve copied that directly from the email they sent after their first denial when I asked why they don’t feel they have at least an obligation to notify the true owners of the USDOT numbers as the USDOT is the issuing party.
Silva
I just wonder what is happening to the CFX Group? I couldn’t make any withdrawal. I did research and found that Frecuperation Tech could help victims to recoup assets and I reached out to them and they helped recoup my investment from CFX Group. Victims who are also trying to recoup their assets can contact frecuperation@aol.com for help.
Andrew Wilson
DAT has been allowing/promoting these kind of frauds for over a decade. I dought anytbing will change now. “We were aware of 3 new accounts create dunder the TQL MC” but they did absolutely nothing to calll TQL and verify said 3 new accounts. DAT is a joke.