Phishing Email Gave Thieves $1.7M Condom Load Using Carrier's Identity
Criminals used a phishing email to compromise a legitimate trucking company's credentials, then picked up a 103,000-unit shipment bound for Walmart and rerouted it to the Bronx. The carrier never touched the cargo.
How did criminals steal a $1.7 million condom shipment without breaking into a trailer?
A shipment of condoms and personal lubricant valued at approximately $1.7 million was allegedly diverted after criminals compromised the identity of a legitimate trucking carrier and used that identity to secure freight bound for a Walmart distribution center. The cargo consisted of approximately 103,000 units of ONE Condoms and Move lubricant manufactured by Global Protection Corp.
The shipment originated in Lynn, Massachusetts, and was destined for a Walmart distribution center in Pennsylvania. Company officials allege the theft did not involve a stolen trailer or a break-in. Instead, the scheme allegedly began with a phishing email disguised as a broker agreement. The email was reportedly sent to a legitimate trucking company and allowed criminals to gain access to the carrier's systems and assume its identity.
The mechanics: how the carrier impersonation worked
According to public reporting, the attackers then used the carrier's credentials to arrange transportation for the shipment. Legitimate drivers allegedly arrived with the correct shipment numbers and paperwork, unaware they were participating in a fraud scheme.
The shipment was allegedly rerouted to a warehouse in the Bronx after pickup and never arrived at its intended destination. Public reporting indicates the carrier whose identity was allegedly compromised was not involved in the theft and is considered a victim of the scheme.
That distinction has become increasingly important as identity-based fraud grows. In many modern cargo theft cases, the criminals never touch a lock or cut a seal. Instead, they exploit the trust brokers, shippers and carriers place in email accounts, load tenders and business identities. The result is that legitimate companies can unknowingly become part of a theft without ever touching the cargo.
Cyber cargo theft jumped 60% in 2025
The incident highlights a shift in how cargo theft is occurring across North America. Rather than stealing unattended trailers or breaking into warehouses, organized groups are increasingly targeting the identities and communications systems that keep freight moving.
In April, the FBI's Internet Crime Complaint Center warned that cyber-enabled cargo theft losses in the United States and Canada reached nearly $725 million in 2025, an increase of approximately 60% from the previous year.
The FBI said criminals are increasingly using phishing emails, spoofed websites, compromised business accounts and fraudulent communications to impersonate legitimate brokers and carriers. Once trust is established, the freight moves exactly as intended until it arrives somewhere it was never supposed to go.
The methods described in the Global Protection case closely resemble those tactics.
What carriers should verify before opening broker emails
The phishing email in this case was reportedly disguised as a broker agreement. That pattern is common. Criminals send emails that look like legitimate rate confirmations, broker agreements, or load tenders. The email contains a link or an attachment. When the carrier clicks, the attackers gain access to email accounts, load boards, or internal systems.
Carriers should verify the sender's email domain before opening any attachment or clicking any link. A legitimate broker's email will come from the broker's registered domain. If the email comes from a Gmail account, a Yahoo account, or a domain that is one letter off from a known broker, do not open it.
Carriers should also verify the broker's MC number and phone number independently. Do not call the phone number in the email. Look up the broker's MC number on the FMCSA website and call the phone number listed there. Ask the broker to confirm they sent the email.
Brokers who vet carriers online are now adding email-domain verification to their onboarding workflows. Carriers should do the same when vetting brokers.
What to do if your carrier identity is compromised
If you suspect your carrier identity has been compromised, contact the FMCSA immediately. File a complaint with the FBI's Internet Crime Complaint Center at ic3.gov. Contact your insurance carrier. Change all passwords for load boards, email accounts, and dispatch systems.
Notify every broker you work with that your credentials may have been compromised. Ask them to verify your identity before tendering any new loads. Provide them with a phone number they can call to confirm any load acceptance.
Monitor your MC number on load boards and carrier-vetting platforms. If you see loads you did not accept or pickups you did not make, report them immediately.
FreightWaves contacted Global Protection Corp., Walmart and the FBI seeking comment regarding the alleged theft and any related investigation. No responses had been received at the time of publication.
