Freight Phishing and Account-Takeover Prevention

Reduce freight phishing risk by using phishing-resistant multifactor authentication where available, unique managed passwords, limited account privileges, verified support channels, protected domain and email settings, and independent callbacks for sensitive changes. Train staff to report suspicious messages quickly and maintain a tested process for revoking sessions and warning affected partners.

Audience and scope: U.S. freight companies, dispatch teams, account administrators, and people who handle loads or payments.

01

Controls that reduce exposure

  • Use multifactor authentication and unique passwords stored in an approved password manager.
  • Limit administrator rights and remove dormant users promptly.
  • Verify password-reset, bank-change, contact-change, and support requests through a known channel.
  • Protect email and domain accounts, review forwarding rules, and monitor unexpected login or recovery changes.
  • Practice a short response drill so staff know who can reset accounts, contact platforms, preserve logs, and alert partners.
02

If a user clicked or signed in

  • Disconnect from the suspicious page and report it through the company's security process.
  • From a trusted device, reset affected credentials, revoke sessions, and review MFA, recovery methods, users, rules, and recent activity.
  • Notify the real platform through its published support channel and preserve the message, URL, headers, and login alerts.
  • Report fraud or attempted fraud through appropriate official channels.
03

Use the appropriate official reporting channel

The correct destination depends on what happened. FMCSA provides transportation-industry fraud guidance and the National Consumer Complaint Database. Cyber-enabled fraud may also belong with FBI IC3; suspected fraud affecting U.S. Department of Transportation programs may be reported to DOT OIG; consumer fraud can be reported to the FTC.

  • Contact 911 or local law enforcement when there is immediate danger or an active theft.
  • Report promptly and keep the confirmation or complaint number from every agency.
  • Notify affected insurers, load boards, banks, factoring companies, customers, and business partners through independently verified contact details.