fleetfax RESEARCH / FRAUD

The thief books the load

Cargo theft has gone white-collar. The load is stolen on paper, with a borrowed carrier identity, a purchased MC number, or a hijacked registration account, before a truck ever moves. The numbers behind the shift, and fourteen years of federal warnings that saw it coming.

PUBLISHED JUNE 23, 2026 8 MIN READ fleetfax MARKET ANALYSIS

The load that disappears today was usually stolen days earlier, in an inbox. Somebody booked it under a name they did not own, using contact details that led back to nobody. A real truck showed up, real paperwork got signed, and the freight rolled away looking legitimate to everyone at the dock.

Theft moved upstream of the truck

Through the 2010s, cargo theft mostly meant straight theft: trailers pulled from truck stops and unsecured yards, locks cut, freight gone by morning. Verisk CargoNet, the industry's main theft-reporting network, puts what it calls strategic theft, deception rather than bolt cutters, at about 8% of cargo theft in 2020. By the end of 2024 it was about a third.

Scott Cornell, who leads the transportation practice at Travelers, dates the turn precisely: "Between 2020 and 2022, cargo theft in the US fundamentally changed: how it's done, where it's done, and who does it." Freight procurement moved fully online during the pandemic, and the crime followed it there.

Reported theft losses tripled in three years

Estimated total cargo-theft losses reported to CargoNet, US and Canada · Verisk CargoNet annual analyses

$223M2022$332M2023$455M2024$725M2025+60%in one year
These are reported-incident totals, a floor rather than the whole market. ATRI's survey-based estimate of the industry's full annualized cost runs as high as $6.6 billion, more than $18 million a day.

The striking part is what did not grow. CargoNet logged 3,594 supply-chain crime events in 2025, essentially unchanged from the year before, while estimated losses rose 60% and the average loss per theft jumped 36%, to $273,990. Fewer gambles, better-chosen targets. "Criminal enterprises are becoming more selective and sophisticated," is how Keith Lewis, CargoNet's VP of operations, summarized the year, "targeting extremely high value shipments rather than relying on opportunistic theft."

Four plays on the same asset

The fictitious pickup. A fraudster answers a load posting as a legitimate carrier, from a lookalike email domain, with a phone number that rings at the thief's desk. The broker's checks come back clean, because the carrier being checked is real; it just is not who they are talking to. CargoNet counted fictitious pickups at roughly 66 per year across 2012 to 2022. In 2023 it counted 576.

The play that grew ninefold

Fictitious pickups reported to CargoNet, per year · Verisk CargoNet

≈66/yr2012–2022 average(reported to CargoNet)5762023(single year)≈9×the decade average
Identities are treated as disposable. The ring a Chicago federal court sentenced in May 2026 ran 11 aliases through roughly 90 stolen loads worth $10.1 million, abandoning each identity after about a month, before its reputation could catch up with it.

The purchased authority. Some identities are not stolen at all; they are bought. Dormant carriers and retiring owner-operators sell their MC numbers openly, and the buyer inherits everything attached: the grant date, the clean inspection history, the years of on-time deliveries that vetting systems reward. Transport Topics documented one such case in which a sold authority was used to walk off with a $3.5 million electronics load. Highway's fraud index for the first quarter of 2026 flagged 399 carrier ownership changes, up 170% year over year, and tied roughly half of theft incidents to carriers with legitimate MC numbers and clean records. The clean record is the product. The oldest version of this play, the carrier shut down for cause that reopens under a fresh USDOT number, is one we have measured separately in the federal record: those reopened carriers already crash at 3.6 times the rate of a typical new authority.

The stolen load usually exits through double brokering: re-posted to a load board and hauled by an unwitting, legitimate carrier while the middleman disappears with the freight or the payment. TIA's president told Congress in 2023 that the fraud epidemic was costing brokers, carriers, and shippers around $800 million a year, and most estimates have grown since.

The hijacked registration. The most direct version skips impersonation and takes over the government record itself. Phishing or social engineering yields a carrier's federal login or PIN; the fraudster then edits the carrier's contact information inside the registration system, so that a broker who diligently calls "the number on file" reaches the thief. FMCSA maintains a warning page describing exactly this scheme. NMFTA's 2026 cybersecurity report attributes the sharpest regional theft spikes of late 2025, up 110% in New Jersey and 33% in eastern Pennsylvania year over year, to organized groups that "impersonate carriers, hijack Federal Motor Carrier Safety Administration (FMCSA) accounts, and manipulate load tenders."

The calendar. The plays cluster where the response will be slowest. Loads staged early for a long weekend, skeleton crews at the dock, and a receiver who will not miss the freight until Tuesday give a fraudulent pickup a multi-day head start.

The holiday window, measured

Average cargo thefts per day around the July 4th holiday · Verisk CargoNet holiday advisories

42013–22 avg82023102024112025
Year-end is worse still: CargoNet counted 49 incidents in the 2020 year-end window and 89 in 2024, up 82%, at an average of $347,334 per incident.

Fourteen years of warnings

None of this ambushed the government. In 2012 the Government Accountability Office published a study titled, in full, "New Applicant Reviews Should Expand to Identify Freight Carriers Evading Detection" (GAO-12-364). It counted new registrants with "chameleon" attributes rising from 759 in 2005 to 1,136 in 2010, found that 18% of them went on to be involved in a severe crash versus 6% of other new applicants, and totaled the human cost of that six-year window at 217 deaths and 3,561 injuries. Its central recommendation was to extend FMCSA's identity-vetting program, then covering only passenger and household-goods carriers, to freight, "as soon as possible."

Freight carriers, 98% of new applicants, never got that screen, and the machinery built to close the gap kept failing quietly. The civil penalty for evading regulation started at $200, less than the $300 it cost to apply for authority in the first place. The Unified Registration System, finalized in 2013 partly to re-verify existing registrants, launched its first phase in 2015 and was suspended indefinitely for existing carriers in 2017. In 2019 an administrative law judge ruled, in a case involving a family found to have serially reincarnated carriers, that FMCSA lacked the authority to fine such operations administratively at all, voiding roughly $125,000 in penalties and leaving referral to the Justice Department as the agency's only route. And when eight members of Congress asked DOT's Inspector General in 2023 to stand up a permanent freight-fraud task force, the OIG's reply disclosed that it had investigated 13 double-brokering cases in the preceding five years, and declined.

The paper trail

Federal responses to carrier identity fraud, 2008–2026

2008Sherman, TX bus crash:17 killed by a chameleon2012GAO: extend vetting tofreight "as soon as possible"2015URS launches fornew applicants2017URS suspended forexisting carriers2019Riojas ruling voidsFMCSA's fraud fines2023Congress asks OIG for atask force; OIG declines2026Motus: ID checksfor new applicants
Red marks the reversals: the system meant to re-verify existing carriers was suspended in 2017, and a 2019 ruling stripped FMCSA's power to fine registration fraud administratively.

The front door closes in 2026. The side door stays open.

The response finally arrived in this cycle. FMCSA's new registration system, Motus, requires identity proofing for new applicants: a government ID captured and matched against a live facial scan, mandatory since April 2025, with business-identity verification of names, addresses, and officers added later that year and multi-factor login across the agency's systems. In February 2026 a Senate bill aimed squarely at fictitious pickups, double brokering, and hostage loads was introduced, and the FBI issued a public advisory on cyber-enabled cargo theft. The early returns are real: the first quarter of 2026 brought the first year-over-year decline in cargo theft since 2021, reported by Overhaul and corroborated by CargoNet.

The caveat sits in FMCSA's own description of the rollout: identity verification applies to new applicants automatically, while the roughly 800,000 existing registrants are verified "when users access the new system for the first time." An account nobody logs into keeps whatever identity it always had. And inside that improving quarter, deceptive pickup schemes still rose 31%. When the front door gets a guard, the value shifts to what is already inside: carriers with years of clean history, whose identities can be borrowed, bought, or taken over. Highway's index recorded an 89.6% year-over-year rise in carrier identity theft in the same quarter.

The asset being stolen is no longer the trailer. It is the history: a believable carrier identity, years in the making, worth more per pound than most freight.

What the public record can and cannot see

Honesty about limits first. The transaction layer of this fraud is invisible to public data: the load-board bid, the spoofed email thread, the delivery address that changes mid-route all live in private systems, and no federal dataset records a stolen load until long after it is gone.

What the public record does see is the identity layer every play has to touch. A "new" carrier that lines up with a for-cause-revoked predecessor. An authority granted, revoked, and reinstated inside a few months. An ownership or contact change on a carrier whose record was spotless precisely because someone else built it. The phone number and email a carrier actually filed with the government, against which the number in an email thread can be checked. These are the marks the schemes above leave in the federal record, and they are checkable by anyone, for free, before the truck is loaded.

The habits that follow are unglamorous. Verify contact details against the federal record rather than the email thread that initiated the booking. Treat vetting as perishable: a carrier checked at onboarding six months ago may since have lapsed, changed hands, or changed phone numbers, and the day to notice is the day of tender. And widen the margin before long weekends, when the response window the schemes depend on is at its widest. That discipline is what the fleetfax carrier report is built around: the whole federal record on a carrier, free, current the day you pull it, with the identity patterns above surfaced as cautions for a human to weigh. The fraud has to touch the public record somewhere. The question is whether anyone looks.

Sources & basis notes

  • Theft volumes and losses: Verisk CargoNet annual trend analyses (2022, 2023, 2024, and the 2025 analysis published January 2026), Q1 2026 trend report, and CargoNet holiday advisories (July 4th 2025, Thanksgiving 2025, year-end 2025). CargoNet totals are incidents reported to its network: a consistent series, but a floor on the true total. The strategic-theft share (8% in 2020 to about a third in 2024) is Verisk's own characterization.
  • Industry-wide cost: American Transportation Research Institute, October 2025: annualized cost "as high as $6.6 billion, or more than $18 million per day." Survey-based estimate across the industry; a different basis from CargoNet's reported totals, which is why both are quoted.
  • Regional spikes and FMCSA account hijacking: NMFTA, 2026 Transportation Industry Cybersecurity Trends Report (December 2025), drawing on CargoNet Q3 2025 data. The New Jersey (+110%) and eastern Pennsylvania (+33%) figures are Q3 2025 year-over-year and differ from CargoNet's full-year state figures.
  • Chameleon carriers and crash outcomes: GAO-12-364 (March 2012), tables 1 and 2: chameleon-attribute registrants by year, severe-crash and fine rates, 2005–2010.
  • Enforcement history: DOT OIG letter CC2023007 (August 22, 2023) on the proposed fraud task force; the 2019 administrative ruling on FMCSA's civil-penalty authority; FMCSA's public fraud-warning page on registration-account takeover.
  • Motus rollout: Federal Register, 91 FR 23144 (April 29, 2026), including the "approximately 800,000 existing registrants" figure and first-login verification design.
  • Cases: United States v. Zigmantas, N.D. Ill. (sentenced May 2026; DOJ figures: ~90 loads, $10.1M stolen, $14.6M attempted, 11 aliases). The sold-authority electronics theft was reported by Transport Topics (2026).
  • Named industry figures: Highway Q1 2026 Freight Fraud Index (identity theft +89.6%, ownership-change flags +169.6%, clean-record involvement ~50%); TIA president Anne Reinke's May 2023 House testimony ($800 million). Vendor indices count what each vendor screens; they are directional, not census.

Using this research

Free to quote and republish figures with credit to fleetfax research and a link to the article. For methodology, underlying data, or questions: [email protected].

Unlike most fleetfax research, this report synthesizes federal documents and industry-published data rather than fleetfax's own dataset; every external statistic belongs to the named organization and reflects its reporting basis. Aggregate figures describe reported incidents, not all theft. fleetfax reads public FMCSA data and is not affiliated with FMCSA or the U.S. Department of Transportation. This analysis is information, not legal advice.