Blach capital H watermark in hero section

Articles

Direct Theft in Freight: Why 2025 Marked a Turning Point in Cargo Theft

2025 marked a clear inflection point in freight fraud.

By year-end, direct theft accounted for nearly half of all reported stolen loads, surpassing compromised inboxes and manipulated ownership changes as the leading driver of loss.

These incidents were increasingly carried out by carriers with legitimate operating histories, real equipment, and deep familiarity with broker and shipper workflows. Fraud moved from impersonation-based schemes to the exploitation of trusted access.

Freight fraud has historically relied on surface-level deception — spoofed domains, altered paperwork, and fraudulent authority changes.

Those tactics still exist, but the risk shifted further into the load lifecycle in 2025.

In direct theft cases, the carrier often appears compliant at every checkpoint. The MC is valid. Insurance is active. Equipment matches records. The pickup proceeds without incident — until it doesn’t.

What changed is not documentation, but intent. In direct theft cases, the authority is valid and the access is real. The vulnerability emerges when historical reliability replaces ongoing validation.

‍

Why Direct Theft Increased in 2025

‍

Highway’s risk team identified a measurable increase in direct theft incidents alongside intensified regulatory and licensing scrutiny, particularly around non-domiciled commercial driver licensing.

Public audit findings reinforced the instability. More than 25% of non-domiciled CDLs in California were improperly issued, and approximately 17,000 CDLs were targeted for revocation.

As enforcement activity accelerated, risk patterns shifted. In multiple investigations, Highway observed carriers with long delivery histories and clean records executing direct thefts shortly before license expiration, revocation, or anticipated regulatory action.

Additionally, as onboarding and carrier vetting standards improved, bad actors shifted their focus to brokers who could not maintain identity verification, compliance best practices, and ongoing monitoring throughout the lifecycle of the load.

‍

How Bad Actors Are Using Trust Against You

‍

Direct theft is difficult to spot.

In most cases, perpetrators are either:

Impersonating a carrier you trust
Earning your trust before they break it

Carrier impersonation isn’t new. In 2025, compromised email inboxes and spoofing were among the top fraud vectors. What emerged in the second half of the year was the outcome — direct theft.

Bad actors are targeting trusted carriers using these tactics and waiting for the right moment to strike. If a fraudster gains access to a carrier’s inbox, they can steal your load — it’s that simple, and it’s preventable.

Some build credibility over time, running loads successfully, communicating quickly, and even accepting below-market rates to appear reliable. Then, at a critical moment, they take multiple loads, deviate from expected behavior, and disappear — proving that past performance isn’t a guarantee of current intent.

Without the ability to detect these signals — and a shift in broker practices — direct theft will remain a persistent threat.

Here are some common patterns we’re seeing:

Small changes to driver, dispatcher, or FMCSA contacts before theft
Hotspots in California and other states with non-domiciled licensing issues
High-value loads targeted: food and beverage, electronics, copper, protein powder, and cosmetics
Multiple thefts executed quickly by familiar carriers
Theft timed near license expirations or enforcement actions
Fraudsters using legitimate MCs, insurance, and equipment

The difference between a recoverable incident and a total loss often comes down to whether teams catch the earliest behavioral shifts and report immediately.

‍

How Brokers Reduce Direct Theft Risk in 2026

‍

You cannot control a carrier’s digital hygiene. However, you can eliminate the risk of theft due to compromised inboxes through the implementation and adoption of Secure Rate Con Delivery.

Reducing direct theft risk in 2026 starts with one mindset shift: treat every tender as a fresh verification moment, even with “trusted” carriers. Rogue carriers win when brokers assume that past performance guarantees today’s legitimacy. Direct theft requires disciplined operational safeguards:

Utilize Secure Rate Con Delivery. It eliminates risk due to compromised inboxes
Don't ignore signals. If a driver phone, email, or dispatcher name has been flagged before, pause and reverify - even if everything else looks normal.
Implement Load Compliance Standards. Alerts you to changes in behavior, digital footprint, or identity in real-time from tender to delivery.
Verify the full contact chain on every high-risk load. Driver phone, dispatcher email, VIN/plate, and any last-minute changes must match known records.
Report theft as soon as it happens. Timely reporting is the difference between a single incident and a multi-load theft run.
Enforce trust throughout the entire transaction. Past reliability doesn't eliminate today's risk.

In most cases, the signals of direct theft were present before the loss.

‍

The Strategic Shift Brokers Must Make

‍

The core message entering 2026 is simple, but foundational — trust must be validated at every stage of the load lifecycle.

Direct theft is harder to detect because it does not always trigger traditional fraud signals. It requires continuous monitoring of who is operating behind the authority.

For brokers, that means shifting from static carrier vetting to ongoing identity-first validation throughout the lifecycle of the load. It means watching for behavioral shifts, regulatory signals, and operational changes, not just expired documents.