🎣 19,000 Fake Loads Posted

On March 10, 2025, Transportation and Logistical Services, Inc. (TLS) had what seemed like just another Monday. That was until their phones started ringing off the hook. Confused carriers were calling about loads that TLS had never posted.

Hackers had taken over a TLS DAT account and flooded the load board with 19,000 fraudulent loads—causing mass chaos for both TLS and the carriers who unknowingly fell into the scam.

Here’s how it happened—and how brokers and carriers can protect themselves.

The Carrier Assure Report Card

A Simple Phishing Email Opens the Door

It all started with a phishing email.

An employee at TLS received an email that looked like it came from DAT, urging them to log in immediately.

The email contained a fake DAT login link, and once the employee entered their credentials, the hackers had everything they needed.

🔹 They stole the employee’s DAT and email login credentials.
🔹 They logged into the DAT account from an IP address in New York.
🔹 They had full control—and TLS had no idea yet.

“We’ve notified our employees to be more careful about what they click on when receiving possible phishing emails.” – Jennifer Nolan, Logistics Coordinator, TLS

We’ve covered these DAT phishing attempts before, and it’s critical to train your entire team to spot and avoid them.

Do Not Click on These DAT Phishing Scams

These types of email phishing scams designed to steal your DAT credentials aren’t new. However, the scammers are becoming increasingly sophisticated, which means DAT users need to be more careful.

FreightCaviarPaul-Bernard Jaroslawski

19,000 Fake Loads Flood DAT

Now in control of TLS’s account, the scammers moved fast, flooding DAT with 19,000 fraudulent load postings—all under TLS’s name.

• The loads listed fake email contacts, redirecting carriers away from TLS and straight to the scammers.
• The rates looked competitive, making them attractive to carriers.
• TLS had no idea their account was being used for fraud—until the calls started coming in.

“Carriers were asking us for information about loads they saw posted that we had no idea about.” – Jennifer Nolan

The Paperwork: How the Hackers Made It Look Real

Scammers knew that just posting fake loads wouldn’t be enough—so they backed them up with convincing paperwork.

• They took an old TLS rate confirmation from 2022 and altered it to match their fake loads.
• They created a fake TLS carrier packet, complete with stolen branding and documents.
• Carriers believed the paperwork was legit—because it looked like it came from TLS.

“The rate confirmations they sent to carriers had different fonts and alignment because they altered one of ours from 2022.” – Jennifer Nolan

Brought to You By FreightClaims.com

Managing freight claims across emails, spreadsheets, and carrier portals is a mess. FreightClaims.com brings it all into one centralized system. Track, manage, and resolve claims efficiently from a single platform.

Phones Explode, System Crashes

By 8:15 AM, TLS’s Birmingham and Dallas offices were under siege—not from hackers, but from thousands of phone calls from confused carriers.

• Carriers were calling nonstop, asking about loads that didn’t exist.
• TLS’s phone system became so overwhelmed it crashed.
• The team quickly realized that their DAT account had been compromised.

“We received so many calls, it shut down our phone system.” – Jennifer Nolan

DAT Blocks the Account—But Not Before the Damage Was Done

Once TLS realized what was happening, they immediately contacted DAT for help. DAT acted fast, shutting down the compromised account and restricting admin access.

• DAT identified that the account was being accessed from New York (instead of Texas).
• They restricted access to prevent further postings.
• But by then, some carriers had already picked up and delivered loads.

“DAT’s response was great. They acted very quickly to help us disable the jeopardized account.” – Jennifer Nolan

The Aftermath: Fake Loads Delivered, Money Lost

At least two carriers had already picked up and delivered loads, thinking they were working with TLS.

Another carrier requested a Truck Order Not Used when they realized something was off.

“We know of at least two carriers that picked up and delivered loads.” – Jennifer Nolan

Better Back Office Putting with Epay Manager

Epay Manager is giving away a brand new Scotty Cameron putter at the TIA Capital Ideas Conference in San Antonio!

• Want to win a Scotty Cameron putter? Follow Epay on LinkedIn and drop your business card at our booth for a chance to win!
• We will draw the winner’s name LIVE on Epay’s LinkedIn immediately following our Learning Lab at TIA 2025 Capital Ideas; you don’t have to be present to win.
• Visit us at Booth 603 to chat with the Epay team!

What TLS Did Next

After securing their account, TLS took action to prevent this from happening again and to warn others.

• They posted alerts on Facebook and their website, so any affected carriers could see that TLS was also a victim.
• They warned employees to be more cautious with emails and phishing attempts.
• They called for stronger cybersecurity measures across the industry.

“We posted a notification on our Facebook page and our website, so if anyone who was a victim of the fraudulent activity searched for us, they would know we were also a victim.” – Jennifer Nolan

Lessons for Brokers & Carriers

For Brokers:
1. Train employees to recognize phishing scams—these attacks start with one wrong click.
2. Enable multi-factor authentication (MFA) for DAT and other key platforms.
3. Regularly monitor load postings to catch suspicious activity early.

For Carriers:
1. Always verify loads with the broker before committing.
2. Scrutinize rate confirmations—inconsistencies in fonts, alignment, or missing details can be red flags.
3. If the broker stops answering calls after booking a load, it’s a scam.

“If it seems too good to be true, it probably is.” – Jennifer Nolan

Final Thoughts: Is the Industry Doing Enough?

TLS took the right steps once they discovered the breach, and DAT responded quickly—but this attack raises bigger questions.

Why was a single hacked account allowed to post 19,000 loads in such a short time?

Should load boards have automated fraud detection for abnormal activity?

As cargo theft and fraud continue to rise, the entire industry needs stronger defenses to prevent attacks like this before they happen.

Brokers vs. Fraudsters: The Data War One Company is Winning

Every fraudulent load stopped is a win. But the goal isn’t just stopping fraud...it’s eliminating bad actors from the system entirely.

FreightCaviarAdriana Pulley

FREIGHT HUMOR