Phishing attacks are driving a surge in “double brokering” scams in the shipping industry, according to Christian Reilly, Cloudflare’s Field CTO for EMEA.
In an article for TechRadar, Reilly explains that these scams have risen by 400% since 2022, and 50% of freight brokers name it as their top concern.
“Here’s how they work: Scammers pose as legitimate freight brokers or create fake transportation companies,” Reilly writes. “Using phishing emails, they gain access to shipment details – such as pick-up, destination, size, and scheduling. They then offer a lower rate than competitors for their services, in order to win contracts from unsuspecting businesses.
Once they secure the job, instead of transporting the shipment themselves, they pass it off to a legitimate carrier – often a real trucking company that believes it has been hired for a normal job. The scammer collects payment from the original client but never pays the actual carrier, pocketing the money and then disappearing – long before the fraud is discovered.”
Social engineering attacks are particularly effective against the shipping industry because business moves so fast and employees rely heavily on email for communication.
“Phishing is the go-to tactic for double brokering scams because it doesn’t rely on hacking technical systems – it preys on human error,” Reilly says. “A simple click on a malicious link or an unwitting disclosure of shipment details can be enough to set a scam in motion. Since email is so ingrained in the supply chain, it provides cybercriminals with an easy, high-reward entry point.”
New-school security awareness training can give your organization an essential layer of defense against social engineering attacks.
“The foundation of any cybersecurity strategy is awareness,” Reilly concludes. “Phishing may be subtle, but it’s preventable. Employees must be trained to recognize the warning signs of fraudulent emails – such as unusual variations, where cybercriminals swap out characters or add extra words like "LLC" or "INC" to make an email look legitimate. When in doubt, always verify. A quick call to confirm the sender’s identity before sharing sensitive shipment information can prevent costly fraud.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
TechRadar has the story.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
