Deployment expands the GoodShip platform beyond shippers to support carriers, brokers, and other logistics service providers
If you're based in the Chattanooga metro area, we invite you to come to the launch of our print magazine & 'Freight Alley' film launch party.
Cargo theft losses hit $725M in 2025 — and nearly half involved carriers brokers already trusted. Learn how lifecycle verification stops direct theft before it starts.
Cargo theft losses hit $725M in 2025 — and nearly half involved carriers brokers already trusted. Learn how lifecycle verification stops direct theft before it starts.
Freight fraud has evolved over the years as most organized crime does: it found the path of least resistance and stayed there.
For years, the industry's answer to cargo theft was better onboarding. Run the carrier through a compliance check. Verify the MC. Confirm the insurance. Check the box and move on. And those controls mattered. They still do.
But they’re no longer enough because the threat has moved.
Today’s most damaging theft events are happening in the middle of the load, after the rate con is assigned and before the freight hits the doc. The attackers aren’t always strangers; sometimes they’re carriers you’ve used a dozen times.
The rise of direct theft – carrier-involved theft, where a legitimate-looking or formerly-legitimate carrier goes rogue – is the defining fraud shift of the last 18 months.
By the end of 2025, direct thefts accounted for nearly half of all reported stolen loads, increasingly tied to carriers with legitimate operating histories, real equipment, and familiarity with broker and shipper workflows.
"Direct theft is the hardest to combat because these carriers were once trusted. There's no crystal ball to predict when someone with a clean history is going to break bad, and we're seeing the same playbook show up across channels," said Michael Grace, Vice President of Risk at Highway.
The financial stakes are rising to match. Estimated cargo theft losses jumped 60% to nearly $725 million in 2025, even as the number of confirmed incidents rose a more modest 18%. This is a clear sign that criminal groups are targeting higher-value freight with more surgical precision. The average theft now costs $273,990, up 36% from $202,364 in 2024.
The money is big enough to fund sophisticated, patient operations. And patience is exactly how direct theft works.
Here's the structural problem brokers are dealing with: the industry built its fraud prevention around the beginning of a carrier relationship, not the life of a load.
Onboarding checks are point-in-time. They tell you whether a carrier was compliant when you approved them, but not whether they're trustworthy right now, on this load, at this moment.
That gap is the attack surface.
Rogue carriers operate legitimately until they don't. Bad actors exploit the carrier's established reputation to book shipments, collect payments, or divert freight while appearing entirely legitimate on paper.
Trust inertia compounds the problem. Teams that have worked with a carrier before are less likely to scrutinize contact changes, reroute requests, or subtle behavioral shifts. Everything feels normal until the load disappears. Theft-by-deception groups are increasingly focused on misdirecting shipments tendered to legitimate carriers, sidestepping compliance controls that have traditionally centered on the tendering process itself.
The point-in-time approval model doesn't match real-world risk. Load risk changes hour-by-hour. The framework protecting it needs to match.
The brokerages seeing the sharpest reduction in theft exposure share a common structure, not a single tool, but a layered approach that maps controls to the actual lifecycle of a load.
At tender → Confirm the carrier can haul this specific load, not just that they passed a general compliance check. Validate dispatcher and driver contacts through a trusted identity source. Deliver the rate con through a secure channel, not an email attachment.
Before pickup → Monitor for behavioral signals: unexpected contact changes, unusual account activity, location anomalies. Highway recommends controls that verify the authorized carrier before tendering, validate dispatcher and driver contacts using trusted sources, confirm key identifiers and any contact changes, and require updated written authorization for reroutes and other in-transit exceptions.
At pickup and in transit → Verify the right truck shows up. Confirm equipment and driver identity match what was authorized. Watch for mid-transit reroute requests. A late-2025 emerging trend involves loads picked up legitimately, and then compromised mid-transit through spoofed calls or lookalike-domain emails requesting a diversion to a fraudulent drop location. Before a driver proceeds, any reroute should be verified through original trusted contact information and updated written and verbal authorization.
Each layer catches a different failure mode. Attackers look for the missing layer. When all three are present, there's no clean opening.
Highway's fraud data from 2025 shows a clear pattern: the breakdown isn't that the tools don't work. It's that they're not applied consistently.
In 2025, Highway blocked 1,986,995 fraudulent email attempts — up 117% from 914,719 in 2024 — flagged and blocked 8,525,962 fraudulent phone numbers, and issued 9,129 identity alerts across its network. Most of those threats had identifiable signals before they materialized.
The process leakage that converts a "manageable risk" into a stolen load is predictable: still emailing the rate con instead of using a secure delivery channel. Letting overrides become routine. Dismissing an alert because the carrier seems familiar.
As Highway noted, "Fraud thrives in gaps — between systems, communication channels, and data sources. When brokers rely on outdated or siloed tools, bad actors exploit the opacity."
"Freight fraud isn't just opportunistic anymore; it's coordinated and strategic. Attackers are gaining trust, mimicking legitimate behavior, and infiltrating networks through identity blind spots brokers and carriers don't even realize exist," said Grace.
Small misses compound into big losses. A single bypassed control doesn't sink a brokerage. A pattern of them does.
The mindset shift that separates high-exposure brokerages from low-exposure ones is to start with a different question.
The old question was: Do we know them?
The new question is: Does this load look normal — right now — for this carrier?
That shift changes how you treat exceptions, how you respond to alerts, and how you build habits across your team.
Fraud today punishes gut feel, and rewards verified reality. The brokerages building toward that standard are making themselves structurally harder to attack.
The goal isn't perfection. It's reducing attacker opportunity during the exact window they rely on: after booking, before delivery.
That window can be closed. The question is whether your workflow closes it before they find it or after.
Highway is the leading provider of Carrier Identity® solutions for freight brokers, delivering lifecycle protection from tender through delivery. Learn more at highway.com.
Deployment expands the GoodShip platform beyond shippers to support carriers, brokers, and other logistics service providers
The contract cushion brokers relied on is nearly gone. Here's what that means for your margins. Plus: FMCSA is pulling ELDs fast, Hormuz cracks open - barely, $821k ghost load scheme, and more.
Plus: Brokers return, Hormuz spikes rates, LTL stays stuck in a tough year, and more.
Stop babysitting freight. See how Kingsgate Logistics uses Chain AI to automate 93% of carrier messages and scale operational judgment.
Join over 14K+ subscribers to get the latest freight news and entertainment directly in your inbox for free. Subscribe & be sure to check your inbox to confirm (and your spam folder just in case).
