The Invisible Email Scam That Steals Loads
Criminals quietly route a carrier's broker load emails to spam, then book those loads under its name. Here is how the scam works and how to catch it.
Security
The Invisible Email Scam That Steals Loads
A freight dispatcher's inbox is the nerve center of their operation. On any given day, dozens of load offers, rate confirmations, and broker communications flow through that inbox, each representing a potential revenue opportunity. The invisible email scam exploits this reliance by turning the dispatcher's own inbox against them — silently hiding legitimate load offers in the spam folder while a criminal intercepts and accepts those same loads under the carrier's name.
This tactic is a critical component of the broader carrier identity theft ecosystem. It is particularly insidious because it requires no technical sophistication to execute once an email account has been compromised, and it can go undetected for weeks. Numeo's AI-powered platform is specifically designed to detect and neutralize this attack, alerting carriers the moment their broker communications are being suppressed.
How the Invisible Email Scam Works
The invisible email scam typically begins with a phishing attack. The fraudster sends a convincing email to a dispatcher or owner-operator, impersonating a load board, a broker, or even a government agency such as the FMCSA. The email contains a link to a fake login page that captures the dispatcher's email credentials when they attempt to sign in.
With access to the email account, the attacker sets up inbox rules — automated filters that most email platforms support — to redirect specific emails to the spam or trash folder. These rules are typically configured to target emails from high-value brokers: the companies that send the most load offers and represent the most revenue for the carrier.
From the dispatcher's perspective, the inbox simply goes quiet. They stop receiving offers from those brokers and assume that freight is slow or that the brokers are using other carriers. Meanwhile, the attacker is receiving those same emails, responding to the brokers as the legitimate carrier, and arranging fraudulent load pickups.
| Attack Phase | What the Attacker Does | What the Dispatcher Sees | Duration Before Detection |
| 1. Credential Theft | Phishes dispatcher's email password | Nothing unusual | Immediate |
| 2. Rule Injection | Creates inbox rules to move broker emails to spam | Inbox goes quiet from certain brokers | Days to weeks |
| 3. Load Interception | Accepts loads as the legitimate carrier | No load offers from targeted brokers | Days to weeks |
| 4. Cargo Theft | Dispatches fraudulent driver to pick up cargo | Broker calls asking where shipment is | After delivery window |
Why This Scam Is So Effective
The invisible email scam succeeds because it exploits a fundamental trust in the reliability of email. Dispatchers are trained to respond to what is in their inbox, not to question what might be missing from it. When a broker stops sending load offers, the natural assumption is a business reason — the broker found a cheaper carrier, freight volumes are down, or the broker is using a different load board.
The scam is also self-concealing. Unlike a DNS hijacking attack, which requires changes to external infrastructure that can be detected by monitoring services, inbox rule injection happens entirely within the carrier's own email account. Without an intelligent monitoring system that understands what normal communication patterns look like, there is no automated way to know that emails are being suppressed.
According to a 2025 report by FreightWaves, impersonation scams are becoming increasingly sophisticated, with criminal organizations investing in tools and techniques that make their attacks harder to detect and attribute. The invisible email scam is a prime example of this trend: it is low-tech in execution but high-impact in outcome.
The financial impact on carriers
A single intercepted load rarely stops at the value of the freight. Verisk CargoNet's 2025 analysis put the average loss at roughly $273,990 per theft event, and that is only the direct line. Around it sit the insurance deductible, the legal defense against shipper and broker claims, the days lost to investigating and recovering, and the hardest cost to price: the broker relationships that go cold once a fraud incident is traced to your authority.
| Loss category | What it covers |
|---|---|
| Direct cargo loss | The stolen shipment — about $273,990 on average per event (CargoNet, 2025) |
| Insurance and legal | Deductibles plus the cost of defending shipper or broker claims |
| Broker relationship damage | Brokers may stop offering loads after a fraud tied to your name |
| Operational disruption | Days to weeks spent investigating and recovering |
| Reputational harm | Negative word of mouth that suppresses future revenue |
Numeo's Intelligent Email Monitoring
Numeo's approach to the invisible email scam is grounded in behavioral analysis. Rather than simply scanning for known malware or phishing signatures, Numeo's AI builds a model of what normal communication looks like for each carrier — which brokers typically send load offers, at what frequency, and during what hours. When the system detects a significant deviation from this baseline — such as a sudden cessation of emails from a high-value broker — it flags the anomaly and alerts the carrier.
This behavioral approach is critical because inbox rules are not inherently malicious. Every email platform supports them, and legitimate users create them all the time to organize their inboxes. What makes an inbox rule suspicious is the context: a rule that moves emails from a major broker to the spam folder, created at 2 AM on a Sunday, is very different from a rule that files newsletters into a folder.
What to do the moment you suspect it
If a steady broker has gone quiet, treat it as a security question before a sales one. Open your email account's rules or filters and read every entry — attackers hide the malicious rule among legitimate ones, often forwarding a copy to an outside address before sending the original to spam or trash. Delete anything you did not create, then check the spam and trash folders for the load offers you have been missing.
Next, lock the account down. Change the password, enable two-factor authentication with an authenticator app rather than SMS, and review recent sign-in activity for logins from unfamiliar locations or devices. If you find evidence the account was reached, sign out all sessions and rotate any credential that touched it, including your load board and registrar logins. Finally, call the brokers who went silent directly and confirm whether anyone has been accepting loads under your authority. Catching the rule early is the difference between a scare and a stolen shipment.
This works alongside DNS monitoring. If an attacker has both compromised the carrier's email account and altered its DNS records, the two signals surface together, giving a fuller picture of the breach and enabling a faster, more complete response. Both run as part of Numeo One, the layer that watches the carrier's email and domain for exactly these tactics.
A Dispatcher's Security Checklist
| Security Practice | Why It Matters | How to Implement |
| Use a unique, strong password for email | Prevents credential stuffing attacks | Use a password manager (e.g., Bitwarden, 1Password) |
| Enable 2FA on email account | Blocks access even if password is stolen | Use an authenticator app, not SMS |
| Review inbox rules monthly | Catches malicious rules before they cause damage | Check Settings > Rules/Filters in your email client |
| Verify sender before clicking links | Prevents phishing credential theft | Hover over links to see the real URL before clicking |
| Monitor inbox behavior automatically | Detects suppressed emails before they cost a load | Use a tool that models normal broker traffic |
References
1. FreightWaves — Impersonation Attacks Are Here To Stay (Sep 2025)
2. FMCSA — New Phishing Scheme Targets Motor Carriers
3. NICB — Warns of Increased Cargo Theft in 2025 (nicb.org)
4. OOIDA — Truckers Report Email Scam Aimed at Hijacking Authority
5. Proofpoint — Cybercriminals Targeting Trucking and Logistics
Try Numeo
Ready to find better loads?
Numeo automates load search, rate negotiation, and broker emails — so you spend more time moving freight.
Explore Numeo
Related posts
The Real Cost of Manual Dispatch
A line-by-line accounting of what manual dispatch really costs you: dispatcher hours, missed loads, deadhead, and the revenue that leaks out the back.
Feb 24, 2026 · 8 min read
GuidesWhat AI in Trucking Actually Does for Your Fleet
A clear, honest map of AI in trucking: the real categories, what each does, what is mature versus early, and where a carrier should start.
Jan 29, 2025 · 12 min read
Guides10 AI-First TMS Systems Worth Watching in 2026
A clear-eyed look at 10 AI-first TMS platforms for 2026, from agentic dispatch to enterprise visibility, with an honest comparison.
Mar 1, 2026 · 8 min read
Fraudsters spoof or compromise broker email threads to insert fake instructions or altered rate cons, blinding dispatchers into rerouting loads or payments.
Verify broker identity and factoring status before booking, watch for changed reply-to addresses, and cross-check rate cons against the original posting.
Inline broker factoring/safety checks, a broker blacklist, and AI document validation (BOL/POD vs. rate con) help catch mismatches before they cost a load.