Alert Cites Spoofed Emails, Fake URLs, Fraudulent Load Board Posts
Noel Fletcher
The FBI has issued a public alert about “surging” cargo theft cases involving cybercriminals impersonating a broad range of legitimate freight companies.
The April 30 announcement highlighted the tactics and range of firms being targeted in the U.S. transportation and logistics sectors — from insuring cargo to shipping, receiving and delivering freight.
Cybercriminals, the FBI warned, are deploying more sophisticated tactics to impersonate real businesses to hijack freight, reroute shipments and steal high-value cargo. The result has been a surge in the crime over the past two years.
Cargo thieves are gaining unauthorized access to computer systems of freight brokers and carriers — mainly with spoofed emails and fake URLs — to compromise carrier accounts.
The criminals are accessing victim-company accounts to reach servers that can release malware. They also are acquiring website domain names that are spoofed versions of legitimate company URLs.
“The cyber actors pose as victim companies and post fraudulent listings on load boards to deceive shippers, brokers and carriers into handing over goods, which are redirected from their intended destination and stolen for resale,” the FBI explained.
Cyber Schemes
The FBI provided a multistep process that cyber thieves use to steal freight.
Criminals impersonate and spoof brokers via email, sending links to a carrier broker agreement or to review and address poor service ratings. The links are frequently shortened, spoofed URLs. Once clicked, victim companies are redirected to a phishing website imitating the legitimate one.
More on Cargo Theft in TT
CRIMINAL STRATEGY: Tactics keep evolving
FINANCIAL EFFECT: Thefts estimated to cost $18 million a day
ON CAPITOL HILL: Legislation takes a step forward
“The phishing website hosts a malicious executable file, which downloads other legitimate remote monitoring and management software, giving the cyberthreat actors total, undetected access to the brokers’ or carriers’ systems,” the FBI stated.
When the criminals access load boards, they impersonate legitimate brokers using compromised carrier accounts to post additional fake loads.
“Legitimate carriers bid on the fake loads and contact the threat actors, who provide the malicious carrier broker agreement and compromise the carrier’s computer systems,” the agency added.
Pretending to be the compromised victim-carrier company, the thieves accept shipments and double-broker a load to partially unwitting drivers — giving manipulated bills of lading and changing a load’s destination.
To ensure their access, criminals change a legitimate carrier’s contact information with the Federal Motor Carrier Safety Administration and update insurance information “to permit loads the legitimate carrier previously did not accept,” the FBI noted. “The compromised carrier may not realize they are compromised until brokers contact them about missing loads booked under their authority but without their knowledge.”
Loads can be cross-docked for less than 24 hours at a warehouse before being picked up by another carrier or transloaded to colluding drivers, who redirect the cargo.
In cargo theft schemes, transloading “appears as unloading freight from one carrier directly to another, sometimes on the side of a road,” the FBI said.
Some drivers are caught up in cargo theft by not being fully aware of the scheme but “should recognize that certain aspects of their involvement in the carrier process is suspicious and atypical in the industry,” the FBI stated.
Sometimes thieves impersonating a carrier reconnect with the broker and demand a ransom in return for providing the missing cargo’s location or information about the stolen load.
How to Spot Cyber Cargo Theft
The FBI encourages companies working within the transportation and logistics sector to be aware of these tactics. Other ways to identify cyber cargo thieves include:
- Being contacted by brokers, carriers or dispatchers about unauthorized shipments being done in a company’s name without that company’s knowledge.
- Receiving emails spoofing legitimate company domains using free email providers — such as dispatch.FBITrucking@[provider].com instead of dispatch@FBITrucking.com.
- Requesting a legitimate company to download documents or forms from shortened or spoofed web links.
- Emails claiming to be negative service reviews with links to “review” or “resolve” complaints — with links leading to malicious downloads.
- New or unauthorized mailbox rules — forwarding to external addresses, autodeletion or hidden folders.
- Other tactics involve sending companies emails from domains or free service providers that mimic legitimate ones but have small differences. Examples are extra punctuation (fb-i.gov), different top-level domains (fbi.com, fbi.us), extra prefixes or suffixes (thefbi.gov, fbiemail.gov) and misspellings (fbii.gov, fdi.gov).
- Fake email addresses are spoofed or changed from real ones by adding the name of a job-related title in front of an authentic email address.
- Criminals avoiding the use of telephone landlines and cellphones and communicating with target companies through voice over internet protocol (VoIP) and online applications that are used for short periods and found to be in contact with overseas phone numbers.
