“These scams can result in more than just monetary loss,” the Cloudflare researchers warned. “For example, if the threat actor gives the load to a cargo carrier with poor reliability or safety ratings, it might be delayed, damaged, or lost during shipment. That could result in reputational harm and additional financial losses, especially if the shipment is not properly insured.”
But shippers are often not the only victims. In a variation of the scam, the impersonators also repost the shipment with a higher price to convince a legitimate carrier to haul the load. But when the time comes for the carrier to be paid, the phone numbers are disconnected and the email addresses deleted.
How to defend against double brokering
The defense against double-brokering scams is similar to all BEC attacks that involve impersonation. Companies should double check the legitimacy of the carriers or freight brokers contacting them and check if the domain names behind the email addresses are the correct ones. Threat actors often create a fraudulent domain by adding “LLC” or “INC” at the end of a legitimate company name. For example, xyzshipping[.]com is the legitimate domain, while xyzshippingllc[.]com is fraudulent.