You’re mid-day, juggling loads, and a text comes in: “Your DAT account has been flagged. Verify your credentials here to avoid suspension.” It looks real. The link looks right. It feels urgent. You tap it.
This is exactly what attackers are counting on.
People trust texts. A text feels personal. It feels direct. People tap texts (19–36%) far more readily than they click email links (2–4%) and the average American now receives 41 spam texts per month.
Mobile phishing (targets Email, web browsers, malicious apps, SMS, or social media platforms) and Smishing (targets SMS, RCS, iMessage, or third-party messaging apps like WhatsApp) are social engineering cyberattacks that use deceptive text messages to trick victims into revealing sensitive information, clicking malicious links, or downloading malware. These account for 35% of all phishing attacks and surged 40% year-over-year, making it one of the fastest-growing vectors in the threat landscape. Freight brokers are one of their high-value targets!
The numbers behind smishing
U.S. and Canadian freight brokers, along with transportation and logistics companies, have been singled out by the FBI as primary targets for these attacks.
In April 2026, the FBI’s Internet Crime Complaint Center (IC3) issued a public service announcement warning that cyber-enabled cargo theft losses in the U.S. and Canada reached nearly $725 million in 2025 (60% increase from the prior year). Confirmed cargo theft incidents rose 18% and the average value per theft grew 36% to $273,990, reflecting increasingly selective, high-value targeting.
Attackers have been gaining unauthorized access to broker and carrier systems through spoofed emails, fake URLs, and compromised accounts. Once inside, they post fraudulent load listings, impersonate legitimate carriers, and reroute high-value shipments. Victims often don’t discover they’ve been compromised until a broker reports a missing shipment booked in their name.
- The Anti-Phishing Working Group (APWG) reported 30–40% quarter-over-quarter growth in SMS-based fraud detections in Q4 2025 alone. (APWG Q4 2025)
- 73% of organizations targeted by social engineering attacks (the category that includes smishing) are based in North America
- In 2025, the FBI’s IC3 reported that overall cybercrime and fraud losses in the US surpassed $20.9 billion.
- According to the FTC, consumers reported financial financial damages from text scams exceeding $342 million in the first half of 2025 (the full 2025 report hasn’t been released).
The financial burden of a successful smishing attack extends well beyond the initial incident. In freight, the damage compounds fast. A single compromised broker account can expose shipper relationships, load details, carrier contacts, and payment information — all of which have real market value to a criminal who knows how to use them.
The shiny lures brokers should know about
Attackers targeting freight brokers via mobile are running a list of proven attacks, often multi-channel attacks. 41% of phishing incidents now involve multi-channel attacks combining SMS with follow-up phone calls, QR codes, or email to build credibility and pressure.
- Credential harvesting links. A text or messaging app notification sends you to a convincing fake login page for DAT, your TMS, or your email provider. You log in. They capture your username and password. Now they own your account.
- Fake load or payment confirmations. “Your carrier hasn’t confirmed pickup. Tap here to resend details.” Or: “Payment to the carrier failed, update your banking info to release the load.” These are engineered around real freight workflows to create just enough urgency to make you act without thinking.
- Carrier impersonation. A text appears to come from a carrier you work with regularly. They need you to call a different number, update their bank account for payment, or confirm a rate via a link. It isn’t them.
Things to do before you tap anything
- Check the sender – Legitimate companies don’t text you from random 10-digit numbers, short codes you don’t recognize, or overseas prefixes. If the number looks off, it probably is.
- Inspect the URL before you tap it – Long-press the link to preview the destination. Look for misspellings, extra characters, or domains that don’t quite match. When in doubt, go directly to the app or website instead of following the link.
- Slow down when it feels urgent – “Your account will be suspended in 2 hours.” “Carrier payment will fail at 5pm.” Urgency is a manipulation tool, not a real deadline. Any legitimate platform will give you time to log in directly and resolve the issue.
- Call them directly – If a carrier or shipper texts you something unexpected (a new number, a link to confirm a load, a request to update payment details) call them back on a number you already have on file before acting.
Additional Note: Incorporate layers of protection. If you haven’t set up multi-factor authentication (MFA) on your accounts, smishing is exactly why you should. Even if an attacker steals your credentials through a fake login page, MFA stops them from getting in (see May’s issue of Cybersecurity: It’s May, let’s talk MFA).
In summary
Your phone is a work device. Treat it like one.
North America is the most targeted region on the planet for this kind of attack, and freight brokers are exactly the kind of high-activity, phone-dependent professionals attackers look for. They know you’re covering loads under time pressure. They know you communicate with carriers over text. They know a convincing message about a failed payment or a flagged account will get your attention.
A two-second pause before tapping a link is the cheapest security tool you have.
