Chicago Freight Fraud: Inside the $10M Phishing Scheme and What Every Business Should Learn
In this article:
- A 1,500% Surge: Fraudulent Carriers and Freight Fraud Since 2021
- Four Types of Cargo Theft and Freight Fraud
- Why This Isn’t Only a Freight Problem
- Security Measures That Actually Prevent Freight Fraud
- What This Means for Chicago Businesses
A 41-year-old man from suburban Chicago was sentenced this week to five years in federal prison for orchestrating one of the largest Chicago cargo thefts the region has seen in years, and a textbook example of freight broker identity theft. The total haul: more than $10.1 million worth of liquor and commercial-grade copper, redirected away from their destinations and resold on the black market between 2020 and 2023. The group had set out to steal $14.6 million in total.
The part that should grab every business owner’s attention, not just trucking companies, is how the freight was stolen. There were no break-ins. No hijacked trucks. The crime was committed through phishing and identity manipulation, convincing real shippers to release their cargo to fake carriers.
According to the U.S. Attorney’s Office for the Northern District of Illinois, Aivaras Zigmantas pleaded guilty in December 2025 to federal wire fraud. He used multiple aliases over three years to impersonate both real and fake logistics companies. Once shippers released their freight to what they believed were legitimate carriers, the goods disappeared. U.S. District Judge Elaine E. Bucklo handed down the 60-month sentence.
“The theft started with identity, not force.” That single line captures a shift the entire freight industry is grappling with, and that every business with regulator-issued credentials should be paying attention to.
A 1,500% Surge: Fraudulent Carriers and Freight Fraud Since 2021
Identity-based freight crime isn’t a one-off. According to ATA CEO Chris Spear, the industry has seen a 1,500% increase in criminal activity targeting freight since 2021, driven largely by trucking phishing campaigns and logistics phishing attacks that hijack carrier credentials at scale. In a single quarter (Q2 2024), reported losses from fraudulent carriers exceeded $34 million.
CargoNet tracked nearly $130 million in cargo theft across 2023, a 57% increase over the prior year, with food, beverages, and household goods topping the most-targeted list.
Freight verification platform Highway reported blocking 352,000 fraudulent inbound emails and nearly 31,000 spoofed phone calls in Q1 2025 alone. That’s the volume of attempted phishing the industry is now defending against, and that’s just one vendor’s edge of the network.
The shift is structural. Bad actors no longer need physical force when they can hijack a Motor Carrier (MC) number issued by the Federal Motor Carrier Safety Administration (FMCSA) and use it to pose as a legitimate carrier. Once they have authority documents, insurance certificates, and a believable email address, they can secure premium loads from local shippers in any transportation hub, including Chicago.
Four Types of Cargo Theft and Freight Fraud
Strategic cargo theft now arrives in several recognizable patterns. Knowing them is the first step in defending against them.
Identity Theft and MC Number Hijacking
Criminals impersonate legitimate motor carriers using stolen operating authorities. They use stolen identities and phished credentials to take over the email and the FMCSA portal access, then re-register under a new business name once law enforcement catches up. With a hijacked MC number or USDOT number in hand, they can bid on freight loads through public load boards or directly to shippers, and disappear after pickup.
The FMCSA has acknowledged the scale of the problem. The agency began rolling out identity verification requirements in April 2025, requiring new registrants to pass identity proofing through the Unified Registration System before obtaining operating authority. Until that’s fully operational, the burden of verification sits with brokers and shippers.
Double Brokering
Double brokering, sometimes labeled the “fake freight broker scam” by industry investigators, happens when a load is passed to another broker or carrier without the shipper’s approval. The fraudulent middleman collects the broker’s payment, then either refuses to pay the carrier who actually moved the freight or disappears entirely. The legitimate carrier finishes the job and is left chasing money that’s already been redirected.
Fictitious Pickups
In a fictitious pickup, scammers falsify rate confirmation documents to look like an authorized carrier and physically remove cargo from a warehouse. By the time the legitimate carrier shows up to make the actual pickup, the load is gone. This is exactly the pattern federal prosecutors described in the Zigmantas case: posing as a legitimate carrier, getting freight released, then diverting it away from its destination.
Phantom Shipments and Payment Redirection
Phantom shipment fraud involves billing for a load that never existed. Fraudsters submit forged documents to factoring companies or directly to shippers, collect payment for cargo that was never moved, and often evade detection until well after the money has been disbursed.
A close cousin is payment redirection, when cybercriminals compromise an email thread between two real parties and silently change the bank account information on a wire transfer. The shipper pays. The money goes to the attacker. The legitimate carrier never gets the funds.
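One control against payment redirection, sketched as an added example (not code from any product or from the case): a payment is held whenever its bank account differs from the vendor master file, unless the change was confirmed out of band and approved by someone other than the requester. The vendor IDs, field names, and the `decide` function are hypothetical, and the records are constructed sample data.

```python
from dataclasses import dataclass

# Constructed vendor master file: bank details as last verified out of band.
VENDOR_MASTER = {
    "V-1001": {"name": "Example Carrier Inc", "account": "000111222"},
}

@dataclass
class PaymentInstruction:
    vendor_id: str
    account: str          # account stated on the invoice or in the email
    amount: float
    requested_by: str

@dataclass
class ChangeApproval:
    vendor_id: str
    new_account: str
    approved_by: str
    confirmed_out_of_band: bool  # vendor reached via contact details on file

def decide(instr, approvals=(), master=VENDOR_MASTER):
    """Return (action, reason), where action is 'PAY' or 'HOLD'."""
    vendor = master.get(instr.vendor_id)
    if vendor is None:
        return "HOLD", "unknown vendor"
    if instr.account == vendor["account"]:
        return "PAY", "account matches master file"
    # Account differs from the master file: look for a matching approval.
    for a in approvals:
        if (a.vendor_id, a.new_account) != (instr.vendor_id, instr.account):
            continue
        if not a.confirmed_out_of_band:
            return "HOLD", "bank change not confirmed out of band"
        if a.approved_by == instr.requested_by:
            return "HOLD", "requester cannot approve own bank change"
        return "PAY", "bank change verified under dual control"
    return "HOLD", "account differs from master file and no approval exists"

# Constructed case: an invoice arrives in an existing email thread with
# a new account number and nothing else changed.
redirected = PaymentInstruction("V-1001", "999888777", 48000.0, "ap.clerk")
```

A change request that arrives only by email never produces an approval record, so the payment stays on hold however convincing the thread looks.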
Why This Isn’t Only a Freight Problem
Read this case as a freight industry story and the lesson is: trucking companies need better identity controls. Read it as an IT story and the lesson is much broader.
The mechanics of how hackers impersonate businesses translate cleanly across every industry, and supply chain partners are an especially attractive target. They sit in the trust path between two larger organizations, and they handle credentials that move money.
Every industry that depends on regulator-issued credentials is exposed to the same playbook. A doctor’s NPI number. A lawyer’s bar registration. A financial advisor’s CRD. A contractor’s state license. Each of those is a credential that, in the wrong hands, lets an attacker pose as a trusted party and exploit the trust downstream, to redirect a payment, claim insurance benefits, or extract information.
The targets change. The mechanism doesn’t.
What makes the freight industry’s experience worth studying is that the attackers have already commercialized the playbook. They’ve built operational infrastructure: fake company filings, hijacked email accounts, forged insurance certificates, social-engineered FMCSA filings, and load-board reconnaissance to identify the most lucrative shipments. The same depth of operation can, and does, show up in healthcare billing fraud, legal document fraud, real estate wire fraud, and managed services impersonation.
For a Chicagoland business, the practical takeaway is that “could this happen to us?” usually answers itself with the question, “do we have credentials, customer data, or payment flows that a sufficiently motivated criminal could imitate?”
Security Measures That Actually Prevent Freight Fraud
Verifying identity is no longer optional, and it can’t be done from inbound communication alone. Whether you’re a freight broker confirming a carrier or a Chicago small business confirming a new vendor, these are the practices that hold up.
Verify Identity Through Official Channels, Not Inbound
If a carrier emails you their MC and USDOT numbers, don’t reply to that email to confirm. Look up the active authority details directly through the FMCSA Company Profile Database. The same principle applies in any industry: when a new vendor sends bank details for an invoice, pick up the phone using the number on their public website, not the one in the email, and confirm.
For the broader email-side of this problem, see our walkthrough of how to spot and report phishing attempts: Don’t Take the Bait: How to Report Phishing Emails.
Layer Your Identity Checks
A single verification step isn’t enough on its own. An MC number, an email domain, and an insurance certificate can each be forged independently, so checking any one of them alone proves little. Multilayered identity verification cross-references several independent signals: an MC number checked against active FMCSA data, a phone call to a number listed in the official record, and an insurance certificate verified directly with the named insurer, not the carrier’s office.
The same principle scales to any business. Multi-factor authentication on email accounts. Separation of duties on payment approvals. A documented verification process for any new vendor or large transaction. A comprehensive cybersecurity provider can help tie all of these controls into a single framework. None of these are exotic. All of them stop the most common attacks.
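The layered check can be written down as a release gate. The following is an added example, not code from FMCSA or any verification vendor: the record store, field names, and `verify_carrier` are hypothetical, and all data is constructed. It shows why a callback counts only when it goes to the number in the official record.

```python
from dataclasses import dataclass

# Constructed stand-in for a record the verifier looks up itself through the
# official channel. Keys and field names are hypothetical, not a real schema.
OFFICIAL_RECORDS = {
    "MC-000001": {"status": "ACTIVE", "legal_name": "Example Haulage LLC",
                  "phone": "555-0100"},
}

@dataclass
class InboundClaim:          # everything here came from the carrier's email
    mc_number: str
    company_name: str
    phone_in_email: str

@dataclass
class Evidence:              # what the verifier did independently
    number_dialed: str
    callback_confirmed: bool
    insurer_confirmed: bool  # confirmed with the named insurer directly

def verify_carrier(claim, evidence, records=OFFICIAL_RECORDS):
    """Return (release_ok, failures). Every layer must pass."""
    record = records.get(claim.mc_number)
    if record is None:
        return False, ["MC number not in official record"]
    failures = []
    if record["status"] != "ACTIVE":
        failures.append("operating authority not active")
    if claim.company_name.strip().lower() != record["legal_name"].lower():
        failures.append("company name does not match official record")
    # The callback counts only if it went to the number on the official
    # record; the number supplied in the email is attacker-controlled.
    if evidence.number_dialed != record["phone"]:
        failures.append("callback not placed to number on official record")
    elif not evidence.callback_confirmed:
        failures.append("carrier did not confirm the load on callback")
    if not evidence.insurer_confirmed:
        failures.append("insurance not confirmed with the insurer")
    return (not failures), failures

# Constructed case: a hijacked MC number. The claim matches the official
# record, but the verifier called the number from the email.
hijacked = InboundClaim("MC-000001", "Example Haulage LLC", "555-0199")
lazy = Evidence(number_dialed="555-0199", callback_confirmed=True,
                insurer_confirmed=True)
```

With a hijacked MC number the lookup and the name match both pass, so the only layer that fails is the callback, which is the reason the layers have to be independent of the inbound message.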
Train Your Team to Recognize the Red Flags
The Zigmantas-style scams rarely involve obvious phishing. The emails are usually well-written. The documents look professional. What gives them away are operational tells: a request that’s slightly outside the normal process, unusual urgency, a payment redirection request, paperwork that doesn’t quite match across two different documents, or a vendor whose communication patterns suddenly shift.
For a deeper look at the email tactics business owners need to recognize, see 4 Ways Hackers Can Infiltrate Your Business Using Email.
Build an Internal Verification Process
Brokers and carriers who consistently avoid freight fraud share one trait: they have a written process. Verify contact information. Do your due diligence on MC activity history. Confirm insurance details with the underwriter, not the office that handed you the certificate. The same discipline transfers to any business: a documented procedure for verifying new vendors, large payments, and credential-tied transactions is what separates a near-miss from a wire-fraud loss.
Monitor for Credential Exposure
When a phishing campaign successfully harvests credentials (an MC number, a USDOT number, an accounting email login), the credentials often appear on dark web marketplaces before they’re actively used. Continuous credential monitoring gives you a window to rotate, lock down accounts, and notify the FMCSA or your partner brokers before bad actors can operationalize the data. For businesses subject to regulatory requirements, this kind of monitoring is both a protection against fraud and a compliance obligation.
What This Means for Chicago Businesses
The Zigmantas case stands out because of the dollar figure and the local angle. But the scale of freight fraud Chicago businesses face is not an outlier. As FreightWaves reported, federal prosecutors in the Northern District of Illinois and FBI investigators have been seeing more identity-driven fraud cases every quarter, and they overlap with broader business email compromise and wire fraud trends affecting every industry in the region.
For Chicago businesses outside the freight industry, the takeaway isn’t “trucking is dangerous.” It’s that the same identity-driven phishing tactics that stole $10 million in freight are equally capable of stealing the payments, customer data, or credentials of a Chicagoland medical practice, law firm, real estate brokerage, or manufacturer. These aren’t hypothetical targets. They are the customers and businesses that attackers research before making their move.
The defensive playbook is the same: verify directly, layer your identity checks, train your team, document your processes, and monitor your credentials. The cost of implementing those controls is small. The cost of a successful identity-driven attack, as Zigmantas’s victims learned, runs into millions.
If you’re a Chicagoland business owner and you don’t have clean answers to these three questions, that’s the gap worth closing first:
- Do you know exactly what would happen if an attacker sent your accounting team a wire-transfer change request that looked like it came from a real vendor?
- Do you have multi-factor authentication on every email account that handles payment information?
- Do you have a documented vendor verification process for any new payment relationship over a defined dollar threshold?
LeadingIT works with Chicagoland businesses to put exactly these controls in place: email security, multi-factor authentication, vendor verification processes, employee phishing awareness training, and credential monitoring. If the Zigmantas case made you wonder whether your business is as exposed as those freight shippers were, that’s the right instinct.
Book a cybersecurity audit with our Chicago-based team and we’ll walk through where your identity-verification gaps are, before someone less helpful finds them first.