
Attackers impersonate freight companies in double brokering scams


Scammers are increasingly impersonating transportation companies to bid on shipments and then contract the job at a lower price to potentially less reliable carriers. This type of scam, known as double brokering, can nullify insurance coverage for shipments made by companies that fall victim to it and can also leave subcontracted transportation carriers unpaid.

Threat researchers from Cloudflare reported an increase in this type of business email compromise (BEC) scam this year, and in one case tracked and blocked around 10 such incidents per month for a single Fortune 500 company from the food and beverage industry since the start of 2024.

“This type of scam has become prevalent in part because there are a plethora of transportation companies to impersonate,” Cloudflare researchers said in the threat report. “Additionally, many of these legitimate companies do not own a website to conduct their business. As a result, threat actors can impersonate these brokering companies by setting up a website in their name to conduct their fraudulent transactions.”

How the scam impersonates carriers and brokers

Scammers monitor freight boards for posted loads, then email the companies that posted them, posing as a known carrier, to ask for more details and offer a competitive price in an attempt to win the bid.

Once they secure the bid, they then impersonate freight brokers and repost that load on freight boards with the intent of finding a carrier willing to transport it for an even lower price to pocket the difference.

Freight brokers are legitimate services that play an intermediary role in the freight industry. They can help companies find carriers for a shipment within a desired price range or a specific timeframe, or carriers able to transport specialty loads such as oversized items or goods that require refrigeration, or to ship across borders.

“These scams can result in more than just monetary loss,” the Cloudflare researchers warned. “For example, if the threat actor gives the load to a cargo carrier with poor reliability or safety ratings, it might be delayed, damaged, or lost during shipment. That could result in reputational harm and additional financial losses, especially if the shipment is not properly insured.”

But shippers are often not the only victims. In a variation of the scam, the impersonators also repost the shipment with a higher price to convince a legitimate carrier to haul the load. But when the time comes for the carrier to be paid, the phone numbers are disconnected and the email addresses deleted.

How to defend against double brokering

The defense against double-brokering scams is similar to that for all BEC attacks that involve impersonation. Companies should double-check the legitimacy of the carriers or freight brokers contacting them and check whether the domain names behind the email addresses are the correct ones. Threat actors often create a fraudulent domain by adding “LLC” or “INC” at the end of a legitimate company name. For example, xyzshipping[.]com is the legitimate domain, while xyzshippingllc[.]com is fraudulent.
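The domain check described above can be automated against a list of vetted carrier and broker domains. The following is an added example, not code from Cloudflare or the article: the function names, the vetted list and the sample senders are constructed for illustration, and it assumes single-label TLDs (no public suffix list). It goes slightly beyond the article's case by also flagging a hyphenated suffix and a different TLD.

```python
import re
from typing import Iterable, Optional, Tuple

# Suffixes the article says scammers append to a legitimate company name.
ENTITY_SUFFIXES = ("llc", "inc")
SUFFIX_RE = re.compile(r"(.+?)-?(?:%s)" % "|".join(ENTITY_SUFFIXES))

def sender_domain(address: str) -> str:
    """Lowercased domain of an email address or bare domain; accepts defanged '[.]'."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    return domain.replace("[.]", ".").rstrip(".")

def company_label(domain: str) -> str:
    """Label left of the TLD. Assumes a single-label TLD (no public suffix list)."""
    labels = domain.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def strip_entity_suffix(label: str) -> Optional[str]:
    """Return the base name if the label ends in llc/inc (optionally hyphenated)."""
    match = SUFFIX_RE.fullmatch(label)
    return match.group(1) if match else None

def classify_sender(address: str, known_domains: Iterable[str]) -> Tuple[str, Optional[str]]:
    """Return ('known', domain), ('lookalike', impersonated_domain) or ('unverified', None)."""
    domain = sender_domain(address)
    known = sorted({sender_domain(d) for d in known_domains})
    if domain in known:  # an exact match on a vetted domain wins, even if it ends in llc/inc
        return ("known", domain)
    base = strip_entity_suffix(company_label(domain))
    if base is not None:
        for legit in known:
            if company_label(legit) == base:
                return ("lookalike", legit)
    return ("unverified", None)

if __name__ == "__main__":
    # Constructed sample data: the vetted list and senders are illustrative only.
    vetted = ["xyzshipping[.]com", "acmefreightllc.example"]
    for sender in ["dispatch@xyzshipping[.]com", "dispatch@xyzshippingllc[.]com",
                   "rates@XYZShipping-Inc.net", "ops@acmefreightllc.example",
                   "quotes@othercarrier.example"]:
        print(sender, "->", classify_sender(sender, vetted))
```

An "unverified" result only means the domain is not on the vetted list and does not match this one pattern, so it still needs manual verification before a load is awarded.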

Carriers should also do their own due diligence and check whether a load has been reposted, especially if the price looks too good to be true. And if the request requires them to pick up a load with a Bill of Lading that has a different carrier or broker’s name on it, they should always ask additional questions before accepting it.

