The load left the dock with the right paperwork, the right carrier name, and the right truck number. Everything checked out. It just never arrived.
That’s how cargo theft works now. Not a crowbar in a parking lot. A laptop. A cloned carrier identity. A dispatcher who sounded completely legitimate because they had your broker’s name, your contact’s phone number, and the exact details of the load — pulled from a compromised freight platform days before anyone picked up a phone.
According to Verisk CargoNet’s 2025 annual analysis, estimated cargo theft losses surged 60% to nearly $725 million — while the total number of incidents barely moved. That gap tells the whole story. Criminals aren’t working harder. They’re working smarter, targeting only the highest-value freight, and walking away with an average of $273,990 per theft — up 36% from the year before.
This isn’t a California and Texas problem anymore. It never really was.
The Geography Has Shifted — And So Has the Playbook
For years, the cargo theft conversation centered on a handful of high-risk corridors. That framing is now dangerous.
In 2025, New Jersey reported a 50% increase in cargo theft incidents. Indiana climbed 30%. Pennsylvania was up 24%. Within California, activity moved away from Los Angeles County — down 11% — and pushed into Kern County, where incidents jumped 82%, and San Joaquin County, up 44%. The New York City metro area saw some of its sharpest numbers in years.
Meanwhile, the targets have shifted too. Food and beverage thefts spiked 47%, with meat, seafood, and tree nuts among the hardest-hit commodities depending on region. Metals theft climbed 77%, driven almost entirely by copper demand tied to the clean energy buildout. Enterprise computing hardware and cryptocurrency mining equipment rounded out the top targets — cargo that’s small, dense, high-value, and easy to move.
If your freight falls into any of those categories, you’re not in a low-risk lane just because your region felt quiet last year.
This Is What a Modern Cargo Theft Actually Looks Like
Forget the image of a broken trailer seal at a truck stop. The fastest-growing category of cargo crime — what CargoNet and others call “strategic theft” — has increased roughly 1,500% since the first quarter of 2021, according to Commercial Carrier Journal. It involves no physical break-in at all.
Here’s how a typical scheme unfolds, based on reporting from CargoNet’s Q3 2025 analysis and AMB Logistic’s cybercrime breakdown:
A criminal group monitors load boards and freight platforms, identifying high-value shipments in active lanes. They gather names — the specific broker handling the load, the assigned carrier, and the individual contacts at both companies. Then they use that intelligence to impersonate those parties: cloned email domains, spoofed phone numbers, falsified FMCSA credentials, copied insurance certificates.
By the time a truck shows up to pick up the freight, everything looks legitimate. The documents match. The driver knows the right names. The load leaves. Communication goes quiet.
The NICB’s President testified before the U.S. Senate Judiciary Committee in 2025 about how these schemes work: weaknesses in common-use business technologies like VoIP and GPS, combined with business email compromise and synthetic identities, allow criminals to reroute high-value goods from their intended destination to the black market — often without triggering a single alert.
Double brokering is the other major vector. A carrier accepts a load, then illegally re-brokers it to an unauthorized party — one that may lack proper insurance, may not deliver, or may deliver only part of the load before the trail goes cold. The original shipper often doesn’t know it happened until the delivery window passes.
What Shippers Are Getting Wrong
The instinct after reading numbers like these is to focus on the carrier vetting process. That instinct is right, but most companies stop at the wrong point.
Checking an FMCSA registration and calling it vetted isn’t enough. As FreightWaves and multiple compliance sources have noted, FMCSA’s legacy systems are outdated — criminals have registered fraudulent carrier identities using stolen credentials with minimal scrutiny for years. A carrier that shows up clean in a basic search may have a cloned identity, a recently purchased legitimate authority with a clean history, or a compromised account being operated by someone other than the original owner.
CargoNet specifically flagged this in their 2025 annual report: as CDL enforcement tightens and more small carriers exit the market, the pool of carriers available for acquisition grows — and criminal groups are watching. They look for carriers with strong load histories and good safety scores, buy or steal those identities, and use them to win high-value freight.
What actually works:
Verify carrier identity through multiple channels before every new relationship — not just FMCSA lookup, but direct phone verification using numbers you find independently, not numbers provided in the email thread. Criminals count on you using the contact information they gave you.
Scrutinize every email address carefully. A domain that looks right but differs by a single character, such as nfc-logistics.com versus nfclogistics.com, is a red flag that gets missed when people are moving fast.
Only you, as the cargo owner, should be able to authorize re-routing. Per NICB guidance, re-routing decisions should never originate from a broker, carrier dispatch, or any intermediary. If someone calls mid-shipment to redirect your load, that call should require verification through a pre-established out-of-band channel before anything changes.
Beginning February 2026, NMFTA introduced identity verification for all SCAC applications and renewals for non-Class 8 carriers, tying each code to a verified individual through a partnership with Persona. It’s not a complete solution, but it’s a meaningful data point — and brokers and shippers should be asking whether the carrier they’re working with has gone through that verification.
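The lookalike-domain check described above can be automated in a mail filter or a dispatch tool. The sketch below is an added example, not code from any source cited here; the TRUSTED list, the examplecarrier.com entry, and the function names are constructed for illustration, and the distance threshold is an assumption to tune.

```python
# Added example: flag sender domains that nearly match a known partner's domain.
# TRUSTED is a constructed allowlist; in practice it comes from your own
# carrier and broker records, not from anything in the incoming email.
TRUSTED = {"nfclogistics.com", "examplecarrier.com"}


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, or
    swap two adjacent characters, each costing 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent swap
        prev2, prev = prev, cur
    return prev[len(b)]


def sender_domain(address: str) -> str:
    """Domain part of an email address, lowercased, trailing dot removed."""
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def classify(address: str, trusted=TRUSTED, max_distance: int = 2):
    """Return (verdict, matched_domain).
    Verdicts: 'trusted', 'lookalike', 'unknown'."""
    domain = sender_domain(address)
    if domain in trusted:
        return "trusted", domain
    for known in sorted(trusted):
        # Same name once hyphens are ignored (nfc-logistics vs nfclogistics).
        if domain.replace("-", "") == known.replace("-", ""):
            return "lookalike", known
        # Same name registered under a different top-level domain.
        if domain.rsplit(".", 1)[0] == known.rsplit(".", 1)[0]:
            return "lookalike", known
        # One or two typos, including a transposed pair of letters.
        if osa_distance(domain, known) <= max_distance:
            return "lookalike", known
    return "unknown", None
```

A "lookalike" or "unknown" verdict is a trigger for the independent phone verification described above, using numbers from your own records.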
What Carriers Are Getting Wrong
Carriers face a different exposure. They can be impersonated without knowing it — their DOT number, MC authority, and insurance certificates cloned and used to pick up freight they never agreed to haul. They can also be targeted through load board phishing: an attractive load listing, a follow-up email with a link that installs remote access software, and suddenly someone else has access to their dispatch systems.
According to Tank Transport’s 2025 cybercrime analysis, attackers use remote monitoring and management tools to gain control of trucking company systems — then bid on and reroute real shipments from inside the network, using the carrier’s own credentials and communication channels.
Smaller carriers are especially exposed. They rely heavily on email and load boards, often with shared passwords, no multi-factor authentication, and limited IT oversight. That’s not a judgment — it’s just the reality of how most small operations run, and it’s exactly what fraud rings design their campaigns around.
Practical steps that reduce exposure:
Never click links in load-related emails to download documents or agreements. Request that documents be sent through a platform you already use, or access them through a direct login — not a link.
Verify any load that arrives with unusual terms: last-minute pickup location changes, pressure to confirm quickly, payment terms that differ from what was discussed, or a broker you haven’t worked with before offering rates that seem too good for the lane.
Call back using contact numbers you find independently — not the number in the email. Thread hijacking is real: criminals insert themselves into existing email conversations and send instructions that look like they’re continuing an established exchange.
Implement basic cybersecurity hygiene: multi-factor authentication on email and load board accounts, unique passwords per platform, and a clear policy on who can authorize load changes internally.
If Something Goes Wrong
Report it immediately. CargoNet, NICB, the FBI, and local law enforcement all have cargo theft reporting channels — and early reporting dramatically improves recovery odds. GPS tracking data, communication logs, and delivery documentation should be preserved and handed over as quickly as possible.
Document everything before a loss happens: your verification process, your carrier vetting checklist, your in-transit tracking protocols. In a cargo theft situation, that documentation determines whether your insurance claim holds up and whether liability falls where it belongs.
The Bigger Picture
Cargo theft has moved from an operational nuisance to a boardroom-level supply chain risk — and most companies’ vetting processes haven’t kept up with how the threat has evolved.
The operations handling this well aren’t just reacting when something goes wrong. They’ve built verification into the workflow before a load is ever tendered, and they’ve made sure everyone who touches a shipment — from dispatch to billing — knows what a suspicious request looks like and what to do about it.
That’s not overcaution. In a market where the average theft is now approaching $275,000, it’s just good business.
Sources: Verisk CargoNet 2025 Annual Cargo Theft Analysis (January 2026); Verisk CargoNet Q3 2025 Supply Chain Risk Trends Report; National Insurance Crime Bureau (NICB) Cargo Theft Reporting and Senate Testimony 2025; Commercial Carrier Journal — 5 Best Practices to Prevent Freight Fraud; Tank Transport — Cyber Cargo Theft Surge 2025; AMB Logistic — Hackers, Freight Marketplaces and the New Wave of U.S. Cargo Hijacking; NMFTA — SCAC Identity Verification Initiative February 2026; FreightWaves — DOT Secretary Plans to Use AI to Solve Carrier Identity; Cooperative Logistics Network — Cargo Fraud Prevention 2026; Truckstop.com — Freight Fraud: How Brokers Can Avoid This Common Threat.