Transactions involving “ghost carriers” are increasingly emerging on online marketplaces and social media.
Key takeaways:
- Fraud now plays a role in approximately 45% of cargo theft cases, often involving impersonation of legitimate carriers.
- Standard broker vetting checks may miss identity acquisition because authorization, insurance and contact details still appear to be valid.
- Brokers are moving toward continuous and load-level monitoring to detect suspicious behavior after freight is shipped.
Brokers rely on a familiar checklist to vet carriers: active authorization, valid insurance, clean safety records and verified contact information. Increasingly, that process is not enough.
In one recent case, a carrier that passed those checks picked up a load of computer equipment, then moved off the route. $3.5 million worth of merchandise went missing within a few hours.
The certificates were valid. There was no company.
For brokers, such changes are becoming increasingly difficult to detect and are occurring rapidly.
“You can use a carrier for years,” said Robert Loring, president of brokerage TGR Logistics. “At six months, they go south and sometimes you don’t know about it for days or weeks. All of a sudden, they get worse and get worse quickly. It’s a constant struggle.”
Strategic cargo theft involving fraud and impersonation is evolving to exploit the systems that brokers rely on to establish trust, allowing bad actors to assume the identity of legitimate carriers and move cargo before anyone realizes that something has changed.
At the heart of the problem is a mismatch: Investigation systems designed to confirm static information are now being tested by fraud schemes built on rapid identity changes.
Scam process
One of the fastest growing threat vectors involves so-called ghost carriers, entities that assume the identity of legitimate trucking companies. Scammers don’t just obtain MC numbers; they often take control of the associated phone numbers, email addresses, and Federal Motor Carrier Safety Administration credentials, giving them everything they need to pass standard verification checks.
In fact, they are not creating new companies. They are inheriting an existing digital footprint.
Industry experts say these transactions are increasingly being exposed on online marketplaces and social media channels, where brokers and carriers might never see them until something goes wrong.
Criminals often target carriers whose insurance coverage is about to expire, usually within 30 to 90 days. At that time, operators already facing weak freight rates and rising costs may choose to exit the business rather than renew coverage.
Rather than shut down quietly, some accept buyouts, sometimes for just a few thousand dollars, transferring their rights and control of digital assets in the process.
Once the transfer is complete, the new operators can begin impersonating the original company. On paper, nothing looks out of order: authorization remains active, contact information works and third-party verification checks still pass.
To a broker running a standard screening process, the carrier still looks like the same company it was a few weeks ago. However, the underlying reality may be completely different.
Why do brokers miss this?
The challenge for brokers is that many traditional warning signals never appear. There are no obvious lapses in authority, no immediate lapses in insurance, no disconnected phone lines or mismatched email domains.
The carrier looks legitimate until it isn’t.
Keith Lewis, vice president of operations for Verisk CargoNet, said that purchased MC numbers have become one of the most fraudulent trends, adding that about 45% of the firm’s cargo theft cases involve fraud.
That dynamic has prompted regulators to begin addressing the issue. In March, FMCSA issued a bulletin warning carriers not to buy, sell, or lease USDOT or MC numbers. The notice is part of the agency’s broader registration modernization initiative, which includes the Motus platform and the eventual phasing out of MC numbers in favor of USDOT identifiers.
Still, enforcement remains uneven, and the distinction between legitimate asset sales and fraudulent identity transfers is not always clear.
In practice, brokers are often left to make decisions in real time based on incomplete or outdated information, a weakness that fraud rings have learned to exploit.
A recent case analyzed by Genlogs shows how quickly these plans can move.
The incident began when a carrier, Hilder Herd Transport, sold its MC number and digital assets. With those credentials, the new operators were able to present themselves as a legitimate carrier and secure high-value loads of computer equipment.
From the broker’s perspective, the checks cleared. The carrier’s authority was active. Contact information matched. Nothing interfered with the standard testing process.
The plan moved forward from there. The load was double-brokered using another MC number under the control of the fraud ring and redirected from Cincinnati to Anaheim, California, using an unsuspecting legitimate carrier.
Once in transit, the shipment was transferred to another truck parked on a public road – this transfer was inadvertently captured on video. Within hours, approximately $3.5 million worth of goods went missing.
The speed of that sequence is what makes these cases difficult to stop. By the time discrepancies are discovered, the freight is often out of reach.
Looking back, Genlogs’ data showed several warning signs in the weeks leading up to the theft. The trucks associated with the MC numbers were no longer operational, suggesting that the business had effectively become defunct. At the same time, the carrier began bidding on cross-country loads outside its historical footprint, despite previously operating regionally.
Available imagery also indicated that the carrier lacked the equipment needed to transport sensitive freight, another indication that the operation on paper did not match real-world capabilities.
Individually, those indicators would not have prevented the load. Together, they pointed to a carrier behaving far outside its normal operating patterns, a change that traditional investigative processes are not designed to consistently capture.
“The information was there. It was highlighted in red,” said Ryan Joyce, CEO of Genlogs. “This was not a failure of the software. This was a failure of someone looking at the information and deciding to proceed anyway.”
Stay ahead of danger
For brokers, staying ahead of this type of activity requires more than a periodic check.
Carriers may be rechecked several times a year, especially during insurance renewals, but those periodic reviews provide only a snapshot. In an environment where ownership and control can change rapidly, static testing can quickly become obsolete.
As a result, brokers are combining multiple systems to close those gaps.
Platforms like GenLogs, Highway, RMIS, and SaferWatch provide overlapping forms of verification, from compliance monitoring and identity verification to real-time operational data. Yet each additional layer of scrutiny has prompted fraud rings to find new ways around it, turning vetting into an ongoing arms race.
However, technology alone is not enough.
The effectiveness of these tools ultimately depends on how they are used, and whether the signals they generate are acted upon. As the Genlogs case shows, detection and decision making are separate steps, and failure in the second step can be costly.
For example, TGR Logistics combines multiple compliance platforms with GPS tracking to confirm that loads remain where they should be. In a recent case, a truck deviated from its expected route shortly after pickup, forcing the driver to make an urgent call before the situation escalated.
Such intervention reflects a broader change in brokers’ approach to risk.
Rather than relying solely on whether a carrier checks out at the time of onboarding, more attention is being paid to whether a load continues to behave as expected once it is in motion.
Industry officials say the aim is no longer just to validate credentials at the carrier level, but also to monitor behavior at the load level.
“The days of setting your carrier selection criteria checklist and moving on are over,” said Michael Grace, vice president of customer risk management at Highway. “We are now looking at load-level compliance.”

