Cloudflare survey finds cyberattacks and fraud flourishing in logistics

Report uncovers surge in phishing, double brokering and multichannel attacks targeting logistics

Cloudflare reviews cybercrime in logistics. (Photo: Jim Allen/FreightWaves)

IT provider Cloudflare recently released a survey on cybersecurity and fraud in the supply chain and logistics sectors, revealing a rapidly growing threat landscape.

As companies in the industry become more reliant on digital infrastructures, the interconnected systems of global supply chains have become prime targets for increasingly sophisticated cyberattacks.

“With freight being a critical component of the global supply chain, it’s no surprise that scams on these organizations have been flourishing, with no signs of stopping or slowing,” said Blake Darché, head of threat intelligence and Cloudforce One at Cloudflare, in an email to FreightWaves. “Cloudflare has already been leveraging advanced machine learning to help us pinpoint phishing attacks before they happen. … But as with any cutting-edge technology that helps defenders innovate and harden security models, it also helps attackers advance their skills and the sophistication of their attacks. While AI will play a large role in combating phishing, it will simultaneously play a large role in enabling it.”

Phishing, double brokering, and multichannel attacks have become serious threats. To combat them, Cloudflare reviewed strategies aimed at strengthening cybersecurity and preventing financial losses.


The rise of double brokering

One of the most concerning trends identified in Cloudflare’s report is the rise of double brokering, a form of fraud in which criminals impersonate legitimate freight companies.

Truckstop.com has observed a 400% increase in double-brokering complaints since 2022, highlighting the rapid growth of identity deception attacks.

In these scams, attackers secure shipping contracts by posing as legitimate brokers and then reassign the shipments to other carriers, collecting the difference between the victim’s payment and the amount paid to the carrier.

This not only leads to financial losses but also poses risks like shipment delays, damage or loss.


Since January, companies connecting shippers with goods have experienced a marked uptick in fraudulent activities, according to Cloudflare.

The study found that Fortune 500 companies have reported as many as 10 incidents of impersonation per month, highlighting the scale of the problem across all industries. 

These scams exploit the complexity of logistics systems, which often involve multiple parties in the supply chain, each dependent on the trustworthiness of the others. Attackers mimic trusted partnerships to intercept financial transactions, causing reputational harm and significant financial damage to the affected companies.

Phishing and cyberattacks

Phishing remains a significant concern as well, particularly in industries that rely heavily on email, like supply chain facilitators. 

Cloudflare’s research shows phishing accounts for over 35% of all detected email threats. Cybercriminals often impersonate trusted business contacts, sending fraudulent emails designed to steal credentials or install malware.

Phishing schemes have evolved into multichannel attacks, where cybercriminals use various communication platforms — email, SMS, social media — to deceive victims. These attacks often start with an email, followed by text messages or social media contact, creating multiple opportunities for attackers to breach an organization’s defenses.

Cloudflare’s survey found that 89% of security decision-makers are concerned about multichannel phishing threats, but only 25% of organizations feel fully prepared to tackle them.

“Since email is the most exploited business application, everyone and every sector is a victim,” said Darché. “With freight being a critical component of the global supply chain, it’s no surprise that scams on these organizations have been flourishing, with no signs of stopping or slowing.”


Deferred phishing

A particular evolution in phishing tactics is deferred phishing. Attackers send an email containing a benign link that passes through traditional security filters. Once the email has been delivered, the attackers weaponize the link, transforming it into a phishing site designed to steal credentials. This technique circumvents many traditional defenses because the email appears legitimate when it first reaches the recipient’s inbox.

An example of a phishing email from a fake Federal Motor Carrier Safety Administration email account. (Photo: Adam Wingfield)

Deferred phishing attacks have proved highly effective, as they exploit the delay between email delivery and the activation of malicious content. Cloudflare’s research shows phishing tactics are becoming increasingly cunning, with attackers using these deferred methods to slip past standard security systems unnoticed. The logistics and supply chain sectors, where timing and trust are critical, are especially vulnerable to these attacks.

Business email compromise

Another growing threat discussed in the Cloudflare survey is business email compromise (BEC), in which attackers impersonate business partners or colleagues to trick victims into transferring funds or sharing sensitive information. BEC attacks rely on social engineering, exploiting the trust established between the attacker and the victim. Unlike traditional phishing, BEC doesn’t use malicious links or attachments, making it harder for email security systems to detect.

In recent years, BEC attacks have skyrocketed, with global losses exceeding $50 billion since 2013. These attacks are particularly devastating in industries like logistics, where companies often handle large financial transactions involving multiple parties over email. In one common scam, attackers impersonate a vendor or freight broker, sending fake invoices to their targets. These invoices are nearly indistinguishable from legitimate ones, making it easy for companies to fall prey.

Vendor email compromise is a variation of this scam in which attackers gain control of a vendor’s legitimate email account to send fraudulent requests. Once compromised, the attacker can initiate payments for fake invoices, creating a cascade of financial damage. 

Take a zero-trust approach

To address these threats, Cloudflare advocates a zero-trust security model, which assumes that no user, device or email should be trusted by default. 

Under this model, organizations require numerous verification measures before granting access to their systems.

One of the key components of this approach is multifactor authentication (MFA). While many companies use MFA, not all methods are equally effective. Cloudflare recommends adopting phishing-resistant MFA tools like hardware security keys, which offer stronger protection by requiring physical verification before granting access.

In addition to MFA, Cloudflare promotes a principle of least privilege, limiting users’ access to only the systems and information necessary for their roles. This minimizes the potential damage caused by compromised accounts, as attackers are unable to move laterally through the network.

“Despite email’s pervasiveness, many organizations still follow a ‘castle-and-moat’ security model that trusts messages from certain individuals and systems by default. Zero trust is a security model that assumes all users and devices are untrusted, so everyone – from intern to CEO – must be verified to access email, company applications or services. This mindset shift is especially critical if you have multi cloud environments and a remote or hybrid workforce,” said Darché. 

While these situations can be frightening for logistics business leaders, Darché pointed out the importance of not placing blame on individuals and building a security culture.

“Establish a blame-free but paranoid culture to make it harder for humans to make mistakes. Meet employees and teams where they are by making the tools they already use more secure, and preventing them from making mistakes. … A culture that reports suspicious activity, as well as genuine mistakes, early and often helps ensure incidents, no matter how rare, are reported as soon as possible,” he explained.


Digital freight broker furloughs workers after losing key customers

Logistics industry must evolve to fight fraud, TIA says in new report

Members of Congress call for establishing center to fight retail crime

Exit mobile version