Spoofed Broker Emails: How One Letter Costs You Thousands
Scammers forge broker email addresses to redirect carrier payments. The address looks right at a glance, but a single swapped character drains the account.
Email spoofing happens when a scammer forges a sender's address to make a fraudulent message look like it came from someone you trust. In freight, that means fake emails from brokers, shippers, or carriers asking you to change a payment account, cancel a load, or wire to a new bank. The email protocols underneath your inbox were never designed with authentication, so a spoofed message can look almost identical to the real thing.
What it looks like in real life
You get an email from what looks like your regular broker. They confirm a load you booked yesterday, then ask you to wire payment to a new account because of a "system update". The sender address looks right at first glance. You wire $8,000.
Three hours later your real broker calls asking why you never picked up the load. The email address was one character off: a double v instead of a w, or a zero instead of the letter O. The money is gone, and your bank cannot pull it back.
Why this works on experienced carriers
Two reasons. First, dispatch happens fast. You're glancing at the sender, not staring at it. Second, the lookalike domain is paired with a real load context the scammer already knows about, often because they hijacked an inbox earlier in the chain. By the time you read the email, every detail (load number, pickup, rate) lines up.
How to protect yourself this week
- Never act on payment changes from email alone. Pick up the phone. Call the broker on a number you already had on file (not one in the email). Verify the change in real time.
- Read the sender address character by character. Lookalike domains use swapped letters, extra periods, or subtle misspellings.
broker.comvsbrokers.com.logistics-co.comvslogistlcs-co.com. - Check the reply-to. Sometimes the From looks legit but the reply-to points to a free Gmail/Outlook address. That alone is a hard stop.
- Slow down on urgency. Real brokers do not need you to wire in 30 minutes. Pressure plus payment change equals scam, every time.
- Trust your spam warnings. If your mail client says "this sender is unverified" or "first contact", do not click the links in the email until you have confirmed by phone.
What to do if you already wired
Call your bank within minutes if you can. ACH and wire reversals are time-sensitive. File an FBI IC3 report at ic3.gov. File a police report so your insurance has paperwork. And tell the broker you thought you wired to, since they may be able to identify the inbox compromise on their end and warn other carriers.
Haulock checks the sender domain on every rate confirmation against the broker's FMCSA-registered website. If the email arrived from a lookalike domain (a swapped letter, a subtle TLD change), we flag it inside the report before you wire a cent.