Newsletters Contact Us
RegulatoryThe Playbook

Impersonation Attacks Are Here To Stay

Impersonation scams are getting more advanced, from forged documents to hijacked emails and fake brokers. Carriers and brokers without strong security or processes are easy targets—and scammers know it. This article breaks down how the schemes work and what steps you need to take now to protect your operation.

Contributed Content
·
(Photo: Jim Allen / FreightWaves. Fraudsters don’t need trucks to steal freight — they just need your identity.)
Gemini Sparkle

Key Takeaways:

  • Transportation industry scams have become highly sophisticated, employing techniques like impersonation, document forgery, and compromised data to target both carriers and brokers.
  • Recent scams involve hacking carrier email accounts to book fraudulent loads, impersonating brokers to post fake loads at inflated rates, and creating fake shippers to defraud new brokerages.
  • The FMCSA PIN database breach exacerbated carrier impersonation, but improved procedures now offer quicker detection of compromised registration information.
  • Protecting against these scams requires enhanced computer security practices, relationship building, thorough due diligence, and avoiding quick-profit schemes; resources and training are available through the Freight Fraud Task Force.
Key takeaways sponsored by SONAR
See a mistake? Contact us.

This article is contributed content. It does not reflect the views or opinions of FreightWaves or any of its subsidiaries.

This article has been updated following commentary and feedback from Amazon.

For the last five years, the complexity of scams attacking the transportation industry has evolved into one of the most elaborate and complex forms of fraud attacking commerce.  We have watched fraud evolve from simple double brokering scams to very complex impersonation scams involving document forgery, fake transportation management system (TMS) platforms and websites, hijacked email accounts and spoofed phone numbers.  The level of complexity is so utterly mind blowing that even the best carrier screening platforms have a difficult time determining what is real and what is a scam.

Carrier Impersonation Evolution

In March of 2023, hackers breached the Department of Transportation (DOT) database.  At the time, DOT admitted to only employee information being compromised, however, it was discovered by October of the same year that the entire DOT PIN database was compromised, and available on the Dark Web.

Some free advice:  If you have not changed your DOT PIN number since March of 2023, go to https://www.fmcsa.dot.gov/registration/request-pin-number and follow the instructions.

It was this compromise that gave way to scammers famously searching for ideal target carriers in the Federal Motor Carrier Safety Administration (FMCSA) SAFER database.  When a target was identified, the scammer would purchase the applicable PIN and file an MCS-150 to change the contact info of the carrier with the FMCSA Registration Department.  Once SAFER information was updated to sources controlled by the scammers, they would book loads with brokers with impunity.

Thanks to updated procedures at FMCSA, in cooperation with FreightValidate.com’s free SAFERWatch program, carriers and brokers now know within hours if there are changes made to their registrations.  The Freight Fraud Task Force (FFTF) has been helping both carriers and brokers who have had SAFER information compromised.  The FFTF is using a playbook devised by the FFTF co-founders to help rescue compromised authorities, with the support and backing of the Registration Department at FMCSA.

Latest in Carrier Impersonation

Over the last six months, scammers have found it far more difficult to compromise FMCSA data, and have shifted gears to impersonating carriers by directly attacking their communications, specifically email.  Scammers are still combing FMCSA data to identify potentially weak targets, including motor carriers that lack any level of sophistication with regard to computer security.  Scammers appear to be watching for carriers with public domain email addresses and poor password strength to hack.  

Once a victim is identified, the scammers begin their hacking attack.  They infiltrate the carrier’s email, and begin inserting special code. The scammer finds past sent emails with COI’s, Certificates of Authority, Notices of Assignment, and W9s.  Once that data is gathered, the scammer starts using the carrier’s own email to book loads with potentially weak brokers.  Scammer tech deletes emails from the “sent messages” folder to avoid detection.  When the weak broker replies to the email, scammer tech intercepts the email, and prevents it from ever reaching the user’s inbox, again to avoid detection.  Once the deal is done, the scammer sends in a fake carrier to load and steal the cargo.  Once the weak broker realizes they were scammed, the scammer breaks their connection with the impersonated carrier.  New emails going to the carrier’s inbox are finally visible and both the broker and carrier are wondering “what just happened”?  By this point, the scammer has control of the cargo and disappears, leaving the weak broker and the impersonated carrier to deal with the aftermath.

Broker Impersonation

This form of attack is constant and is visible across the load boards every day.  Brokers are impersonated by scammers who manage to gain access to broker email, TMS and/or broker load board credentials.  Scammers obtain past copies of BOLs and rate confirmations as a template to forge fake documents.  If real documents cannot be easily located, scammers simply cut and paste brokerage logos onto generic documents to make them look authentic.  The scammers then start making load posts in the broker’s name and offer above-market rates for these loads.  This has a distinct odor of a traditional double broker scam.  In the end, a weak carrier books the load, hauls the freight which usually goes to the correct intended destination, and the scammer runs away with the carrier’s pay.  By the time either the impersonated broker or weak carrier figures it out, the attack is over and the bad guy gets away.

This is an extremely popular form of attack involving real shippers and brokers.  As scammers purchase or somehow acquire a closed carrier’s credentials for booking systems, they probe for brokers they can impersonate.  Once a victim broker is identified, the scammer literally books as many loads as possible in as short a time as possible, and using their tech, they repost these loads on load boards almost instantly.  In one such attack last year, a victim broker had over 400 loads posted in their name in the course of an hour (per verbal conversation with the impersonated broker).  Each load was covered by a weak and unsuspecting carrier.  The scammer (and their team) is believed to have grossed as much as $500k in a single attack, based on market lane estimates.  No one knows how much revenue was successfully stolen, however, the number is believed to be quite significant.  Broker victims have no liability to pay carriers for the loads they hauled so they catch the abuse of the weak carriers who don’t know how to direct their energies.  Those who finally make the connection that a specific shipper (or broker on the shipper’s behalf) is liable to pay the final mile carrier under 40 CFR 377, are potentially mired in a complicated claims process that takes experienced collections agents or attorneys to even attempt filing a claim in the hopes of getting the carrier paid for their work.

Latest Impersonation Trend Against Brokers: Fake Shippers

We are seeing a sharp increase in reports of bad actors claiming to be shippers.  In this scam, the bad guys target fairly new brokerages to seek inexperienced brokers with little real sales experience.  This allows the scammer to maximize the odds of profiting from a green or naive broker.  Traditionally we see this as a short-term attack, where a shipper calls a broker out of the blue and offers them freight that actually does not exist.  The green broker gets excited, offers rates, and is “awarded” the freight.

The bad guy throws in another layer… the carrier plant.  The scammer tells the broker that they have a carrier they want to use but it’s easier if the broker just handles it for them instead of doing a direct carrier award by the scammer.  The green broker believes they have achieved a significant success: they have secured freight from a new customer and do not need to locate a carrier.   The carrier is actually a plant by the scammer.  The reality is that no cargo is actually moving.  It is purely a paperwork exercise using fake releases, fake signatures on the Bill of Lading, etc…  The scam is designed so that the green broker pays the planted carrier, and after 30-45 days (pending broker invoice terms) the scammer shipper disappears and fails to pay the green broker.  The potential loss to victim brokers is well into six-figures.

Targeting New Entities

Scammers are here to stay.  There is no doubt on how they operate or how they target victims.   One common theme in target selection is how new, naïve, or weak the victim is.  A recent scam making waves across social media is no exception.  This scam victimizes both carriers and brokers, with the financial effect on the carrier.

FFTF contributor Thomas Azpell was discussing this very issue in a recent LinkedIn post: 

(https://www.linkedin.com/posts/thomas-azpell-19a13314a_logistics-freightfraud-logistics-activity-7368742915675803650-Vf54?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAFa9cUBnF6J4D9l3oUa239cNXjGarMK3VE).

He discovered that his company has a scammer that is impersonating his brokerage.  Worse than that, the scammer has even setup a website and domain to make the scam appear more legitimate.  

This scam targets carriers, while impersonating brokers.  It basically says that the impersonated brokerage has access to regular, direct freight, and is looking for carriers to haul it.  If the carrier pays a $500 deposit, the broker will ensure the carrier gets work on these lanes.  For new carriers out there, no broker charges a “deposit” for preferred access to dedicated lanes.  This scam is a cash grab, and the bad guy will disappear the instant you send the funds.

Azpell has shared on social media, his conversation with the scammer that is still impersonating his brokerage.  “I asked him why he just doesn’t open his own brokerage.  He clearly knows how the freight industry operates.  He could do well in the business”.  This is a common sentiment when industry stakeholders discuss these bad guys and motives. Azpell continued, “He laughed at me.  He asked if I would make $2,000 profit per day.  Of course, I don’t.  But he (scammer) did.”  The reality is that there are upwards of 600 new carriers entering the industry every week.  Just four of these per day need to bite on the scam, and the scammer makes a fortune off the ignorance of new carriers in the impersonated broker’s name.

Steps to Protect Yourselves

Motor Carriers can take simple steps to help protect themselves.  First, do not come into this industry blindly.  Commercial driver license (CDL) mills can teach you how to hold a steering wheel, but they don’t teach how to run a business.  The same is true for the $500 per class videos on YouTube University.  First, find a mentor.  Not just a social media person who acts like they know everything and only read their posts.  Literally befriend them and talk to them.  Find a reliable source of information and learn.  Next, be knowledgeable in computer security practices.  Such practices will reduce the chance you can fall victim to phishing attacks.  Third, purchase a domain reflective of your business name.  It costs a scammer nothing to make a similar Gmail account to impersonate you.  Having a private domain usually costs under $50 per year and legitimizes your business, builds your brand, and makes it more difficult for scammers to hack without it being noticed.  The result of a carrier failing basic defensive measures usually means the carrier loses money on a load.  This is a costly mistake for a profession that operates on razor thin margins.

Brokers also need to take basic steps to help fortify themselves.  Again, train your staff and agents on computer security.  Next, when speaking to potential clients, focus on developing  your relationships.  Rewards in this industry are never easy. A promise of easy reward is always a red flag.  Third, avoid kneejerk reactions.  Processes are key to survival and abandoning those processes for convenience or speed leads to extremely costly mistakes.  A failure in process can lead to your freight being double brokered, or worse.  This can be a six-figure mistake that insurance will most likely not cover.

Help is available if you know where to look.  The Freight Fraud Task Force is building training programs, webinars, and audit programs to help all industry stakeholders.  We have resources we can guide stakeholders to in times of doubt.  Reach out to the FFTF on our LinkedIn page for help.

Contributed Content

Note: FreightWaves occasionally publishes commentary from industry sources with expertise, information and opinion on current transportation topics. The opinions expressed in the article are solely those of the author and not necessarily those of FreightWaves. Submissions to FreightWaves are subject to editing.