Face-to-Face with Fraud: Prevention & Best Practices for The Logistics Sector
By: Brooke Hardington
With inputs and relevant information provided by: Helix Logistics
Introduction
Has anyone ever stolen your identity to access your personal information? Sadly, the likely answer is yes. Identity theft is so prevalent in America that it reportedly claims a new victim every 22 seconds. Over 30% of Americans report facing some form of identity theft in the past 12 months alone.
“Report Finds Americans Have Lost $2,600+ to Scams in Their Lifetime.” IPX1031, IPX1031 Insight Blog, 2024, www.ipx1031.com/fraud-and-identity-theft-in-America.
In October 2024, our company – a trusted third-party logistics provider – was the victim of an elaborate identity theft scheme orchestrated by an international cybercriminal. This criminal pretended to be an employee, sending out fraudulent emails with forged signatures and company logos in order to create fake load bookings. They targeted inexperienced carriers, selling freight at inflated prices, and misleading shippers. Upon discovering the scam, we took immediate steps to protect our reputation and limit the damage.
This white paper examines the modern cybersecurity landscape, detailing the company’s response, highlighting actions taken to safeguard affected parties, and outlining lessons learned to further strengthen security and protect against future threats.
Understanding Fraud in The Digital Age
In 2023, the Federal Trade Commission released data revealing that consumers had lost over $10 billion due to fraud (+14% from $8.9 billion in 2022). As of this writing, the Federal Trade Commission reported that fraud losses in 2024 were on track to exceed 2023 numbers. These are estimates only, with the actuals likely to be even higher. Identity theft comprises a significant percentage of these losses – a trend that was likewise true in 2023, when imposter scams cost consumers $2.7 billion.
The takeaway is clear. As our lives, identities, and businesses increasingly go digital, cybercrime is on the rise. And with tools like artificial intelligence (AI) reshaping industries and changing how companies do business, fraud is likewise evolving.
“Explore Data: Data & Visualizations.” Consumer Sentinel, The Federal Trade Commission, 2023, www.ftc.gov/news-events/data-visualizations/explore-data.
One of the most popular tools in the cybercriminal’s arsenal today is the deepfake, a sophisticated form of identity theft whereby a scammer uses AI to create a fake image, video, or audio recording. According to Sumsub, a leading identity verification service, deepfakes have increased tenfold from 2022 to 2023. Instead of targeting technical systems, deepfakes manipulate real people by preying on human vulnerability. They are central to modern business scams, because they have the power to mimic executives and thus trick employees into authorizing phony transactions or divulging company information. Crucially, deepfakes can even hoodwink traditional facial recognition systems, undermining trust in such forms of identity verification.
Just as fraud is on the rise globally, our increasingly interconnected society means that fraud is reaching new levels in the logistics sector. In 2024, CargoNet reported a 46% increase in cargo theft incidents within the first quarter of the year, compared to 2023. Rather than raiding or targeting freight at drops, thieves are using advanced technologies to deceive shippers, brokers, and carriers into handing over goods – a type of theft referred to industry-wide as strategic cargo theft. Broadly speaking, other types of fraud common to the logistics sector include:
Financial fraud, when a criminal employs misleading or deceptive strategies to steal capital or assets
Identity fraud, when a criminal steals and misuses an individual or company’s personal information
Internal fraud, when an employee from within the company uses their position to steal from, or harm the business
Data fraud, when a criminal accesses a database to steal and misuse valuable data (i.e. employee numbers, or customer, carrier, and stakeholder information)
The Fraudulent Scheme: A Breakdown
As mentioned in the introduction, our company was a victim of identity fraud in October 2024.
A cybercriminal (appearing to work alone) bought altered domain names that mimicked our legitimate domain and internal email addresses. They created fake rate confirmations, replicated our company logo, and forged email signatures. Pretending to be a company employee, they deceived shippers and carriers into buying freight at significantly inflated prices, driving 77 known cases of fraud within a 3-week period. Once carriers accepted the loads, the thief provided fake proof of delivery (POD) documents and quickly made off with payment from factoring companies. But the scheme began to unravel when the legitimate carriers reached out to our company, claiming they had not been paid for the freight. Simultaneously, we received a tip-off from a customer flagging a suspicious email they’d received.
Upon utilizing Office 360’s built-in tools to double check that no internal emails were compromised, we traced the cybercriminal by conducting a reverse lookup of the fake email domain registrar, which was listed with Namecheap.com. We also ran mail traces from our admin portal to follow the message trail, but this only led back to Namecheap’s email servers. Next, we identified and reported the domain names, asking Namecheap to shut them down.
We consulted with cybersecurity experts, who submitted the case to the FBI’s cyber fraud department, and advised us to continue reporting the fake email domains to Namecheap. While the only way to immediately halt such a scheme was to buy and register all domains that looked even remotely similar to our own, this wasn’t a viable option given the hundreds of possible domain names. Eventually, the fraudster became frustrated with buying new domain names to keep the scheme afloat, and they moved on.
In the aftermath, our immediate priority was resolving the issue for all parties. We took care to reach out to the carriers who had been scammed, connecting them with the correct shipments, contacting the shippers directly, and personally overseeing payment. By identifying the fake load bookings and communicating transparently with all parties involved, we were able to recover the legitimate shipments.
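Since registering every similar-looking domain is not practical, a recipient or mail administrator can instead screen sender addresses against the one legitimate domain. The sketch below is an added example, not part of the original white paper or any tool named in it; the domain acmefreight.example, the sample senders, the confusable pairs and the edit-distance threshold are all constructed assumptions.

```python
import unicodedata

LEGIT_DOMAIN = "acmefreight.example"  # constructed placeholder, not a real company domain
# Character sequences often used to imitate another letter (assumed, not exhaustive)
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))

def skeleton(label):
    """Fold a domain label to a canonical form so visual tricks compare equal."""
    s = unicodedata.normalize("NFKD", label.lower())
    s = "".join(c for c in s if not unicodedata.combining(c)).replace("-", "")
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s

def osa_distance(a, b):
    """Edit distance counting insertions, deletions, substitutions and adjacent swaps."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(sender, legit=LEGIT_DOMAIN, max_dist=2):
    """Label a sender address relative to the legitimate domain."""
    domain = sender.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain == legit or domain.endswith("." + legit):
        return "legitimate"
    brand = skeleton(legit.split(".")[0])  # assumes the company name is the first label
    for label in domain.split("."):
        sk = skeleton(label)
        if sk == brand:
            return "lookalike:same-name"    # homoglyph, hyphen or different TLD
        if brand in sk:
            return "lookalike:embeds-name"  # company name plus an extra word
        if osa_distance(sk, brand) <= max_dist:
            return "lookalike:near-miss"    # typo-style variant
    return "unrelated"

# Constructed sender addresses, as might be exported from a mail trace
SAMPLE_SENDERS = [
    "dispatch@acmefreight.example", "billing@mail.acmefreight.example",
    "dispatch@acrnefreight.example", "dispatch@acme-freight.example",
    "dispatch@acmefrieght.example", "loads@acmefreight-dispatch.example",
    "ops@acmefreight.test", "sales@otherbroker.example",
]

def screen(senders):
    """Return only the senders that imitate the legitimate domain."""
    return {s: v for s in senders if (v := classify(s)).startswith("lookalike")}

if __name__ == "__main__":
    for sender, verdict in screen(SAMPLE_SENDERS).items():
        print(f"{verdict:22} {sender}")
```

A short company name needs a lower max_dist to avoid flagging unrelated domains, and internationalized (punycode) domains would need a fuller confusables table than the one assumed here.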
While our company acted quickly to mitigate the impact of the scam, this incident highlighted several areas for improvement within our security protocols. As we learned firsthand, identity fraud is much harder to stop than it is to prevent in the first place.
Lessons Learned & Future Prevention
The growing sophistication of fraud across industries requires stringent security strategies. In the logistics sector, there are technological solutions we can, and should, implement to counteract this growing threat.
Strengthen Verification Systems:
Strengthening internal security protocols should be the first step. Wherever possible, experts recommend using solutions that incorporate multifactor (MFA) or two-factor (2FA) authentication, which are significantly more difficult to compromise. There are a few ways to strengthen multi-factor authentication, including:
a) Use time-based codes. These are numerical keys that expire after an elapsed time (usually 5 minutes or less). They are unique upon each log-in, making them more secure than an email or SMS code.
b) Implement adaptive authentication. This dynamic layer of security accounts for factors such as the location, device, network, and time of log-in to determine the likelihood of fraud. Say, for example, there’s a log-in coming from Bosnia in the middle of the night. Adaptive authentication will raise the alarm.
c) Leverage encryption & verification. Encryption refers to the scrambling of data so that only you and the intended recipient can understand it. Verification checks proof of identity to ensure a person is who they claim to be.
Leverage Tools to Prevent & Protect Against Fraud:
Generative AI has made it more difficult to detect scams. But just as AI possesses great capacity for harm, it can be employed to safeguard businesses and individuals. For instance, Data Science Central notes AI’s capacity to process information at great speed and thus identify even minor instances of fraud. Furthermore, AI predictive models are able to speculate on possible instances of fraud before they’ve even occurred. Such models are unique in the category and are consequently projected to skyrocket in value within the decade.
Another option is for companies to work alongside partners and experts in the field to better protect themselves against cybercrime.
Foster Collaboration with Law Enforcement and Cybersecurity Experts:
No single business or individual can stop cybercrime by itself. But working hand-in-hand with law enforcement and industry experts helps predict and prevent instances of cybercrime. Building relationships fosters trust. Partnered organizations will be able to lean on each other to prevent potential breaches and share resources. Hence, moving forward, our company is working closely with cybersecurity experts to bolster our defenses against future threats.
As of 2024, the World Economic Forum compiled its first Cybercrime Atlas Impact Report, a global knowledge base dedicated to providing the public and private sectors with cybersecurity insights. This builds on the previously launched Partnership Against Cybercrime (PAC), an initiative encouraging cooperation between the private sector and law enforcement as a means of combating cybercrime. Today, the Cybercrime Atlas is open to organizations.
Host Internal Trainings to Educate Employees:
Employees are the frontline of any agency, and thus invaluable in fraud detection. According to the Association of Certified Fraud Examiners’ (ACFE) 2024 fraud report, 50% of fraud tips came directly from employees in 2024, with nearly a third of tips coming from vendors and customers. The association’s research further shows that organizations with internal anti-fraud training programs experience lower fraud losses than their counterparts.
In the wake of the identity theft scheme, our company has launched an internal training program aimed at educating employees and partners about identity theft and fraud.
Plan for Contingencies:
No system is foolproof, and companies should have contingency plans in place. Consider stocking higher inventory than usual, or leveraging multiple warehouses spread out across locations to limit damage in case of disruption or emergencies.
Speed and preparedness are essential when dealing with theft. Companies should establish post-theft protocols, delegating responsibility to trusted individuals, and developing appropriate contact lists (federal agencies, local police, insurance, etc.) so that they can be ready to act quickly in the moment. In the event of freight loss, some services, like CargoNet, can help recover stolen goods.
Best Practices to Combat Fraud in The Logistics Sector
Companies and employees alike must be vigilant in safeguarding against fraud.
Given the growing prevalence of AI-specific scams, experts recommend the 3A approach: Immediately upon message receipt, Assess the message, Analyze audio-visual elements to check for unusual activity, and Authenticate the source. A good preventative measure is to limit the amount of personal information shared online, effectively minimizing data that can be used for harm. Additionally, be sure to verify suspicious communication through a separate channel – for example, calling the message sender – before acting.
“Advisory on Detecting and Responding to Deepfake Scams.” Cybersecurity Agency of Singapore, CSA Singapore, 22 Mar. 2024, www.csa.gov.sg/alerts-and-advisories/advisories/ad-2024-006
Within the logistics sector, we collaborate with numerous different parties to ensure the efficient flow of goods, but more touch points mean more opportunities for thieves to take advantage. For this reason, it’s crucial that logistics professionals follow best practices to safeguard against fraud.
The Transportation Intermediaries Association (TIA) is working tirelessly to fight fraud. In 2024, they published a comprehensive framework to assist logistics and transportation professionals in managing risk. Some highlights include:
Properly vet carrier networks. Always ask carriers for insurance and operating authority. Verify this information through company databases and with the U.S. Department of Transportation Federal Motor Carrier Safety Administration.
Check carrier safety rating with the FMCSA’s Safety and Fitness Electronic Records, and avoid working with carriers who have an “Unsatisfactory” rating. It’s a good rule of thumb to double check this information every so often, in order to maintain high operating standards. Similarly, practice due diligence in conducting carrier background checks.
Utilize network resources. TIA offers a “TIA Watchdog” service, through which companies can review carriers and flag anyone engaging in suspicious activity.
Always ask for carrier information, such as a driver’s license and vehicle registration, to proactively share with shippers in case of emergencies.
Communicate transparently with shippers, sharing relevant carrier information, verifying pickups/deliveries directly, and educating them on potential red flags.
Consider implementing track-and-trace technology to monitor goods in real time and oversee delivery status.
Future Trends & Predictions in Cybercrime
Cyber fraud is complex and ever-evolving. Per Cybersecurity Ventures, cybercrime was projected to cost $9.5 trillion globally in 2024, and that number is rising annually. But knowledge is power; staying abreast of trends and developments will help individuals and businesses protect themselves. Listed below are five trends predicted to impact the cybersecurity space moving forward.
AI-powered cybercrime: AI has democratized cybercrime, driving the proliferation of deepfakes and enabling even inexperienced criminals to launch attacks. As recently as 2024, the FBI warned consumers to be aware of the potential risks of AI-powered cyberattacks. Fighting fire with fire (or in this case, AI with AI) may be the best strategy. Here, the United States Cybersecurity Institute recommends the five best AI cybersecurity tools.
Susceptibility of the “Internet of things” (IoT), or appliances and everyday objects: Everything from your Alexa to your trusty iPhone is connected to the Internet, and PrivateInternetAccess warns that data from smart home devices can be compromised. Take care to secure these devices by using different passwords and regularly updating software.
Ransomware attacks: Ransomware, or the use of malicious software to infect computers and block user access until a “ransom” is paid, has become a growing problem. Blockchain data platform Chainalysis said that 2023 was “a watershed year for ransomware,” as ransomware payments soared to $1 billion. Because ransomware is commonly delivered through phishing emails, America’s Cyber Defense Agency recommends running phishing training for employees, as well as frequently backing up systems. The latter means users can restore computers to previous backups in case of ransomware attacks.
Potential Emergence of Quantum Computers: Today, quantum computers – or computers powered by quantum physics that explore complex scientific problems – exist, but don’t pose a threat. However, experts theorize that future iterations of quantum computers could be able to break encryption codes, per American Scientist. Researchers are aware of this potential threat, and Microsoft’s Tech Community released a blog post detailing its post-quantum cryptography (PQC) algorithms. Experts are navigating the potential threat posed by quantum computers, but PQC algorithms also come with challenges to existing systems…for now.
Cryptocurrency-related crimes: Cryptocurrency theft was previously niche to Bitcoin and the fintech industry. As of 2024, Chainalysis notes that crypto crime is diversifying across sectors as criminals turn to cryptocurrency to finance a broader variety of crime.
Such cyber threats may fall outside the normal scope of what employees and companies will realistically experience, but at the very least, it’s helpful to stay aware.
Conclusion
According to the FBI’s Internet Crime Complaint Center, instances of cybercrime are increasing and progressively having a costlier impact on consumers (+10% in complaints; +22% in losses in 2023 compared to 2022). Consumers are responding – 85% of people surveyed in a 2024 Deloitte survey said that they had taken at least one action to strengthen cybersecurity – but this threat is only worsening.
We remain committed to protecting our reputation and the interests of our clients and partners. Despite challenges posed by our own experience with identity theft, our proactive response demonstrates our commitment to upholding the highest standards of integrity, transparency, and customer service. Not only have we strengthened security measures to protect against a repeat offense, we hope that this white paper can be a helpful resource to partners and fellow third-party logistics brokers aiming to protect their operations from increasingly sophisticated cyberattacks.