Cargo Theft Falls in Q1 as Criminals Buy Trucking Companies Outright

Cargo theft incidents dropped in the first quarter of 2026, but criminal networks responded by escalating impersonation tactics — including the outright purchase of legitimate trucking companies through online marketplaces and brokerage services, according to Verisk CargoNet.

How are criminals acquiring legitimate carrier authority?

CargoNet identified two primary methods. The first is credential harvesting: phishing attacks and malware designed to compromise business email accounts, phone systems, and load board or brokerage platform logins. Once inside, criminals pose as legitimate carriers, accept loads, and redirect shipments under trusted identities.

The second method is direct acquisition. Some groups are purchasing motor carriers with valid operating authorities. These purchases allow criminals to operate under legitimate USDOT and MC numbers, making detection significantly harder for brokers and shippers who rely on authority checks at the load tender stage.

Why the shift to buying carriers instead of spoofing them?

The rise in impersonation schemes is a direct response to improved anti-fraud controls deployed across the industry, according to Keith Lewis, vice president of operations at Verisk CargoNet.

"The anti-fraud tools the industry has deployed are working — they're forcing criminals to invest more in elaborate schemes," Lewis said.

When brokers tightened verification protocols for new carrier setups and load tenders, criminals adapted by acquiring the credentials and authorities that pass those checks. A purchased carrier with a clean SAFER record and years of operating history can clear automated vetting that would flag a newly registered shell company.

What this means for broker and shipper vetting

Standard USDOT and MC number lookups remain necessary but are no longer sufficient. A valid authority does not guarantee the carrier tendering the load is the same entity that originally held that authority — or that the person on the phone controls the company listed in FMCSA records.

Brokers and shippers vetting an unfamiliar carrier should cross-reference the contact information on file with the carrier's stated phone number and email domain, verify the carrier's active authority and SAFER profile, and confirm pickup details through a known contact rather than replying to inbound emails or accepting callback numbers provided in load confirmations.

CargoNet did not release Q1 theft incident counts or specify which states or freight categories saw the largest declines. The report focused on the tactical shift in criminal methodology rather than volume trends.

Credential theft mechanics

Phishing campaigns targeting carriers and brokers have grown more sophisticated. Attackers send emails mimicking load board notifications, broker payment portals, or FMCSA compliance alerts. When a dispatcher or owner-operator clicks a link and enters login credentials, the attacker captures those credentials in real time.

Malware variants can also intercept emails, allowing criminals to monitor conversations between a broker and carrier, then inject themselves into the thread with updated banking or pickup instructions. The broker believes they are communicating with the legitimate carrier; the carrier never sees the fraudulent messages.

What small fleets and owner-operators should watch for

Carriers whose email or load board accounts are compromised may not realize it until a broker reports a no-show or a shipper flags a diverted load. Warning signs include unexpected password reset emails, login notifications from unfamiliar IP addresses, or brokers asking about loads the carrier never accepted.

Two-factor authentication on load board and email accounts reduces the risk of credential theft. Carriers should also monitor their FMCSA profile for unauthorized changes to contact information or insurance filings — a tactic criminals use after acquiring a company to redirect communications.

The cost of operating under a stolen or purchased authority

When a load is stolen under a legitimate carrier's authority, the carrier's insurance and safety record can be implicated even if they had no knowledge of the theft. Brokers may blacklist the MC number. Insurers may non-renew or raise premiums. FMCSA may flag the carrier for investigation if the theft triggers a cargo claim or law enforcement report.

For carriers whose authority was purchased outright, the original owner may remain legally liable for freight claims and regulatory violations committed by the new operators until the transfer is formally recorded with FMCSA — a process that can take weeks and requires the buyer to file updated insurance and process agent documentation.

What changes for small fleets because of this trend

Small fleets and owner-operators should treat their USDOT and MC numbers as high-value assets. Monitor your FMCSA profile monthly. Enable two-factor authentication on every platform that supports it. Do not click links in unsolicited emails claiming to be from load boards, brokers, or FMCSA.

If you are selling your authority or considering an offer to purchase your company, understand that the buyer will inherit your safety record and operating history — and that any freight crimes committed under that authority after the sale can still surface in your name until FMCSA processes the ownership transfer. Vet the buyer as carefully as a broker would vet you.