Scott Cornell has worked enough cargo theft cases to know that the most dangerous schemes rarely announce themselves. They usually appear disguised as something routine.
Cornell, Chief Risk Officer at SPG Cargo & Logistics, joined me recently on the Fraud Watch podcast to discuss what the industry is now calling the Trojan Driver scam. What stood out most was not just the method itself, but how he described uncovering it. There was no dramatic breakthrough. It started with small inconsistencies across cases that almost made sense on the surface.
the case that didn’t quite add up
The first incident did not immediately raise alarms. At first glance, it looked like a standard theft. But Cornell noticed details that did not fit. The truck was parked somewhere the driver could not explain. The stop did not match the route. Basic identifying information came back inconsistent. Communication became difficult. None of those issues alone proved anything. Together, they painted a very different picture.
At the time, it still looked isolated. What changed everything was when Cornell started discussing it with others in the industry. First in smaller groups, then publicly at a conference. Within days, more companies began reporting similar situations. Different freight. Different carriers. Same types of inconsistencies. That was the moment it stopped looking random. It became a method.
The idea behind the Trojan Driver is not entirely new. Organized theft groups have spent years trying to place insiders inside warehouses, brokerages, and distribution centers to gain access to shipment information and target intel. What changed was the role of the insider.
In older schemes, the insider gathered information while someone else handled the theft. There was separation between intelligence and execution. That separation created risk for the people running the operation. The Trojan Driver removes that separation completely. The insider is the driver. They do not just know what freight is moving. They control where it goes and when control changes hands.
Cornell believes this shift happened because the industry improved at detecting traditional fraud methods. As onboarding and carrier vetting became more sophisticated, organized theft groups lost easy access through fake carriers and identity manipulation. Instead, they adapted by targeting the hiring process of legitimate trucking companies.
why it spreads slowly
Cornell does not believe this will become the industry’s dominant theft method overnight. Unlike phishing or identity fraud, the Trojan Driver model takes time. Drivers have to get hired. They have to build trust. They have to wait for the right load assignment and the right opportunity. Ironically, that patience is part of what makes the method difficult to stop.
Cornell describes it as an opportunity-based tactic. Theft groups keep it available and use it when conditions align, while continuing to rely on other fraud methods in between. The strategy is intentional. A diversified approach keeps the industry from adapting too quickly to one specific threat.
The comparison to phishing attacks is hard to ignore. Early social engineering scams were easy to detect and difficult to scale. Over time, they evolved into one of the most common forms of cybercrime. The Trojan Driver scam appears to be much earlier in that cycle, which means the industry still has a chance to get ahead of it.
the structural problem
This is where Cornell points to the larger issue. From a broker’s perspective, the responsibility is usually limited to vetting the trucking company itself. If the carrier passes every check, there is often no practical way for a broker to identify a compromised driver in real time. The exposure exists inside the carrier’s hiring and screening process. That creates a major gap.
Shippers, brokers, and carriers all operate within separate responsibilities. That structure made sense when threats stayed within clear boundaries. It becomes far less effective against a method specifically designed to move between those gaps.
Cornell compares the problem to the evolution of safety standards in trucking. Real progress did not happen because one part of the industry decided to address it alone. It improved when the entire industry recognized it as a shared responsibility through shared standards, shared information, and shared accountability. Cargo theft may require the same shift.
what this means going forward
The Trojan Driver scam will not be the last evolution of cargo theft. Organized theft groups constantly test new methods, refine what works, and abandon what does not. Successful tactics spread quickly once they prove effective.
The question was never whether cargo theft would evolve. It always has. The real question is whether the industry can adapt faster than the threat itself.
Scott Cornell is Chief Risk Officer at SPG Cargo & Logistics. This article is based on his appearance on the Fraud Watch podcast.
Click here for more articles on cargo theft and freight fraud by Phillip Brink.
RELATED STORIES:
Trojan Driver scam infiltrates legitimate trucking companies – FreightWaves
Freight Fraud Symposium
Double brokering. AI deepfakes. Identity theft. Freight fraud is an existential threat to the industry. Get ahead of it.
Supply Chain AI Symposium
Past the hype. Join operators, founders, and enterprise leaders figuring out how to deploy AI in supply chain.
Future of Rail Symposium
Reshoring is rewriting freight demand. Join shippers, rail executives, and government officials to shape the next decade.
Double brokering. AI deepfakes. Identity theft. Freight fraud is an existential threat to the industry. Get ahead of it.
Rock & Roll Hall of Fame • Cleveland, OH Register NowPast the hype. Join operators, founders, and enterprise leaders figuring out how to deploy AI in supply chain.
The Old Post Office • Chicago, IL Register NowReshoring is rewriting freight demand. Join shippers, rail executives, and government officials to shape the next decade.
The Signal at Chattanooga Choo Choo • Chattanooga, TN Register Now