Cargo theft is no longer about small groups of criminals operating on the ground, but transnational cybercriminal syndicates using access to supply chain systems to reroute goods.
Cyber operations have grown to become a major component of cargo theft over the past four years, with transnational cybercriminal groups increasingly using phishing, impersonation, and remote compromise to hijack goods during transport.
The FBI has warned that cargo theft losses in the US and Canada jumped 60%, to an estimated $725 million in 2025, as criminals adopted a cyber-enabled playbook for compromising brokers, carriers, and shippers — using that access to conduct a variety of illegal schemes. Often threat actors will use impersonation to pose as a broker and phishing with links to malicious sites to steal credentials and install malware. In other cases, they will create fake online orders for shipping cargo, while fraudulently bidding on real loads, the FBI stated.
Cyber-enabled cargo theft — often called strategic cargo theft, because the criminals operate more like businesses than smash-and-grab cargo thieves — leads to cargo shippers and transporters willingly giving their cargo to criminals, says Keith Lewis, vice president of operations at Verisk Cargonet, a transportation-industry threat-intelligence service.
"The bad guys are good at a few different things: one is return on investment, two is they know our business better than we do, and three is the innovation," he says. "We can come up with four or five different stop-gaps for [the current schemes], and they'll come up with four or five different workarounds. There's just no silver bullet."
The FBI's April 30 threat notice to the transportation industry highlights the changes in cargo-related crime. Enabled by technology and compromised logistics systems, cargo theft has moved beyond local criminal groups and become a favored strategy of transnational criminal groups, because they can conduct the fraud from overseas, including compromising remote monitoring and management (RMM) systems and spoofing global positioning systems to make missing cargo harder to locate.
With a compromised broker account, a cybercriminal has a variety of options for cargo theft. Source: FBI's I3C
Overall, cybercriminals are constantly finding ways to exploit vulnerabilities in the information systems that manage the physical supply chain, David Glawe, president and CEO of the National Insurance Crime Bureau, said during his July 2025 testimony before the US Senate Committee on the Judiciary.
"While most cargo thefts historically occurred at warehouses or distribution centers, strategic cargo thefts can happen at any vulnerable point in the supply chain," he said. "Criminals can operate under the guise of being a legitimate carrier in order to gain possession of cargo or steal another carrier's identity to bid on shipments they later divert away from their intended destination."
Cargo-theft-focused cybercriminals target all three links in the chain, NICB's Glawe stated.
"These organized crime groups stay anonymous by remaining overseas, using legitimate brokers and transporters to move stolen goods to the groups’ desired destinations for export," he said. "Many of these schemes involve business email compromises, carried out through phishing attacks or the use of slightly altered email domains."
About a quarter of all cargo theft incidents in the first quarter of 2026 fell into the cyber-enabled categories of fictitious pickup or fraud, according to Verisk CargoNet data. From creating synthetic identities for driver's licenses to acquiring motor-carrier businesses to gain access to their approved credentials, cybercriminal operations targeting cargo have taken off.
In 2026, the amount of cargo theft appears to have subsided somewhat, but CargoNet's Lewis stressed that the reports likely underestimate the size of the losses, because — like other businesses — transportation companies do not like to talk about losses.
"The difference between credit-card fraud and theft in our world is they have an exact number — they know they didn't get paid," he says. "There's no mandatory reporting for cargo theft. Now, an individual company may know their number, but that doesn't mean they have to report it to law enforcement or to us, to anyone."
Most transportation companies are not taking the time to watch out for cyber threats, he says.
"It's about paying attention to your surroundings — the old saying is keep your head on a swivel, watch your six, and trust no one, and we don't see that enough in our industry," he says. "We see that we're moving so fast that we don't have time to check those things."
For enterprises worried about their supply chain, they should make sure to screen employees, train employees on cargo security, vet transportation partners, institute in-transit security controls, and protect their information technology systems, according to the National Insurance Crime Bureau.
Criminals continue to improve their tactics and innovate in their efforts to circumvent cargo security measures, especially gravitating toward tactics that can be managed and accomplished while overseas, the NICB's Glawe said in his testimony to the US Senate.
"As cargo theft tactics grow more sophisticated," he stated, "particularly with the rise of strategic and cyber-enabled schemes, industry professionals must commit to stronger carrier vetting, consistent driver identification checks, and the utilization of secure pickup protocols."
Cyber operations have grown to become a major component of cargo theft over the past four years, with transnational cybercriminal groups increasingly using phishing, impersonation, and remote compromise to hijack goods during transport.
The FBI has warned that cargo theft losses in the US and Canada jumped 60%, to an estimated $725 million in 2025, as criminals adopted a cyber-enabled playbook for compromising brokers, carriers, and shippers — using that access to conduct a variety of illegal schemes. Often threat actors will use impersonation to pose as a broker and phishing with links to malicious sites to steal credentials and install malware. In other cases, they will create fake online orders for shipping cargo, while fraudulently bidding on real loads, the FBI stated.
Cyber-enabled cargo theft — often called strategic cargo theft, because the criminals operate more like businesses than smash-and-grab cargo thieves — leads to cargo shippers and transporters willingly giving their cargo to criminals, says Keith Lewis, vice president of operations at Verisk Cargonet, a transportation-industry threat-intelligence service.
"The bad guys are good at a few different things: one is return on investment, two is they know our business better than we do, and three is the innovation," he says. "We can come up with four or five different stop-gaps for [the current schemes], and they'll come up with four or five different workarounds. There's just no silver bullet."
The FBI's April 30 threat notice to the transportation industry highlights the changes in cargo-related crime. Enabled by technology and compromised logistics systems, cargo theft has moved beyond local criminal groups and become a favored strategy of transnational criminal groups, because they can conduct the fraud from overseas, including compromising remote monitoring and management (RMM) systems and spoofing global positioning systems to make missing cargo harder to locate.
With a compromised broker account, a cybercriminal has a variety of options for cargo theft. Source: FBI's I3C
Overall, cybercriminals are constantly finding ways to exploit vulnerabilities in the information systems that manage the physical supply chain, David Glawe, president and CEO of the National Insurance Crime Bureau, said during his July 2025 testimony before the US Senate Committee on the Judiciary.
"While most cargo thefts historically occurred at warehouses or distribution centers, strategic cargo thefts can happen at any vulnerable point in the supply chain," he said. "Criminals can operate under the guise of being a legitimate carrier in order to gain possession of cargo or steal another carrier's identity to bid on shipments they later divert away from their intended destination."
Cargo Theft: No Longer Small Operations
The key links in the transport supply chain are the fulfillment companies, the brokers, and the transporters. Fulfillment companies are the origin of the cargo — they are the ones who pack and prepare the goods, label and documenting as necessary, and hand off the cargo to the transporters, or carriers, move cargo and goods, delivering them to their destination, while tracking and reporting information about the goods and complying with regulations. Brokers are the intermediaries that match shippers with carriers, coordinating the logistics of pick up and scheduling.Cargo-theft-focused cybercriminals target all three links in the chain, NICB's Glawe stated.
"These organized crime groups stay anonymous by remaining overseas, using legitimate brokers and transporters to move stolen goods to the groups’ desired destinations for export," he said. "Many of these schemes involve business email compromises, carried out through phishing attacks or the use of slightly altered email domains."
About a quarter of all cargo theft incidents in the first quarter of 2026 fell into the cyber-enabled categories of fictitious pickup or fraud, according to Verisk CargoNet data. From creating synthetic identities for driver's licenses to acquiring motor-carrier businesses to gain access to their approved credentials, cybercriminal operations targeting cargo have taken off.
In 2026, the amount of cargo theft appears to have subsided somewhat, but CargoNet's Lewis stressed that the reports likely underestimate the size of the losses, because — like other businesses — transportation companies do not like to talk about losses.
"The difference between credit-card fraud and theft in our world is they have an exact number — they know they didn't get paid," he says. "There's no mandatory reporting for cargo theft. Now, an individual company may know their number, but that doesn't mean they have to report it to law enforcement or to us, to anyone."
Logistics Defenders Need a 'Head on a Swivel'
While many of the techniques for verifying transport and securing the supply chain are well known, the fast-paced nature of the logistics industry often leads to insufficient vetting of carriers and drivers, allowing impersonation to have an outsized impact, says CargoNet's Lewis.Most transportation companies are not taking the time to watch out for cyber threats, he says.
"It's about paying attention to your surroundings — the old saying is keep your head on a swivel, watch your six, and trust no one, and we don't see that enough in our industry," he says. "We see that we're moving so fast that we don't have time to check those things."
For enterprises worried about their supply chain, they should make sure to screen employees, train employees on cargo security, vet transportation partners, institute in-transit security controls, and protect their information technology systems, according to the National Insurance Crime Bureau.
Criminals continue to improve their tactics and innovate in their efforts to circumvent cargo security measures, especially gravitating toward tactics that can be managed and accomplished while overseas, the NICB's Glawe said in his testimony to the US Senate.
"As cargo theft tactics grow more sophisticated," he stated, "particularly with the rise of strategic and cyber-enabled schemes, industry professionals must commit to stronger carrier vetting, consistent driver identification checks, and the utilization of secure pickup protocols."