For most of the last thirty years, the U.S. freight release workflow has rested on a quiet assumption: if the caller ID on my phone shows the carrier's number, the person on the line is from that carrier. That assumption was never rigorously true, but for a long time it was true enough — spoofing a phone number in 1998 required a PBX and a plausible cover story, and few opportunistic fraudsters had either.
2026 is not 1998. A working VoIP account and thirty seconds of setup is enough to spoof any caller ID a fraudster wants to display. Verisk CargoNet logged 767 supply chain crime events across the U.S. and Canada in Q1 2026 alone. In its 2026 threat report, Highway said it blocked 1.98 million fraudulent email attempts and 8.5 million fraudulent phone numbers across the freight ecosystem in the previous twelve months. This is what a mature fraud stack looks like once the tooling has commoditized.
Anatomy of a VoIP-driven cargo theft
A modern cargo theft is a three-stage operation. Physical theft is only the last stage, and it is often the shortest.
Stage 1: Access
The fraud crew opens the operation with a phishing email — a spoofed load-board notification, a fake FMCSA compliance alert, a "we tried to deliver your package" lure. One click, and a broker or carrier employee's session cookies land in the attacker's inbox. The crew now has the ability to read email, see internal dispatch tools, and access the carrier's internal contact list. This is the same email-compromise pattern that has driven business email compromise (BEC) losses for a decade; freight is now among its fastest-growing verticals.
Stage 2: Reconnaissance
Inside the mailbox, the crew reads for a week. They learn the dispatch cadence, the standard load pattern, the specific broker-carrier relationships, and — critically — the exact voice and language a specific dispatcher uses when confirming a pickup. When the right load surfaces, they know its PO number, its warehouse, its assigned carrier's MC, and the phone number the warehouse would normally call to verify. All of this is inside the compromised mailbox.
Stage 3: VoIP-assisted intercept
Now the crew executes. They provision a fresh VoIP number and configure the caller ID to display the real broker's or carrier's number. When the warehouse's normal pre-release verification call goes out — or when the crew's own driver arrives at the dock and the supervisor picks up the phone to "just confirm" — the incoming call routes to the crew. A live voice answers using the dispatcher's name and confirms whatever needs confirming: a "new driver" reassignment, an earlier pickup window, a change of destination.
The warehouse hangs up satisfied. The load is released. The tractor rolls out. Sometimes the real broker doesn't learn what happened for hours.
Why this attack is worse than physical impersonation
A classic fictitious pickup still requires a fraudster to physically show up at the dock and pass a face-to-face check, however cursory. VoIP hijacking requires no physical presence at all — the "verification" step happens entirely by phone, from anywhere in the world. The attacker's exposure is close to zero, and the tooling is cheap. Both facts point in the same direction: this technique will grow.
Why the "call the broker" step no longer verifies anything
A verification is only useful if the party being verified is uncontrollable by the attacker. A phone call to a number the attacker has already compromised — or to a number whose caller ID the attacker can spoof at will — fails that condition. The step doesn't verify; it certifies whatever the attacker wanted certified.
This is not a hypothetical. Trucking industry press has documented multiple 2025-2026 cases in which the warehouse's dutiful pre-release call reached a spoofed line and returned a false confirmation. The dispatchers on the receiving side are practiced, calm, and use the correct names. They have been reading the real dispatcher's emails for days.
A verification step that runs through a channel the attacker controls is not a verification. It is a delivery confirmation for the attacker.
What actually verifies in 2026
Every effective 2026 release check has to satisfy a single test: can the signal it depends on be forged, intercepted, or replayed by an attacker who has already breached the broker's email? If yes, the check is decorative. If no, it is real.
A phone call fails. Email confirmation fails. A physical BOL fails (it is trivial to forge). A driver's license inspection fails (they are trivial to forge). What survives is any signal that the broker's own system generates at dispatch time and delivers to the warehouse without passing through email, phone, or paper.
How TrailersSafe removes the phone call from the release decision
When a broker dispatches a driver, TrailersSafe binds that driver's identity — face photo, redacted license, name — to a one-time QR code that only that pickup produces. At the dock, the warehouse scans the code with any phone and sees the assigned driver's face pulled directly from the broker's system as it existed at dispatch time. There is no phone call to make. There is no email to check. There is no BOL to trust.
If a VoIP crew is waiting at the other end of a spoofed line, they never get called. If the crew compromised the broker's email, the pickup QR is not sent through email and cannot be pulled from the mailbox. If the crew tries to walk their own driver into the dock, the face on the warehouse's screen is somebody else, and the release stops.
The verification step is moved from a channel the attacker controls (voice, mail, paper) to a channel the attacker cannot inject into: the broker's own dispatch record, retrieved server-side at the moment of pickup. This is not a phone call replacement. It is the elimination of the phone call as a verification step.
What operators should take from this
Three specific moves, ordered by tractability.
1. Stop treating a matching caller ID as evidence of anything. Every warehouse SOP that includes "confirm by phone" as a release condition is exposed. The phone number is not authentication; it is a display string.
2. Assume broker email compromise. Design around it. The FBI's April 2026 advisory is explicit that email compromise is upstream of most of these thefts. If your release workflow can be tricked by a convincing forwarded email from your normal broker contact, the workflow is broken. Adjust so that no email — no matter how convincing — is sufficient to authorize release.
3. Move the identity check into a channel with server-side integrity. Any signal generated inside the broker's dispatch system at dispatch time — a face binding, a one-time code, a signed record — is out of reach of email breach and VoIP spoofing. This is where the release condition has to live.
The trajectory
VoIP spoofing is not going away because the underlying protocol makes caller ID trivially forgeable and the industry is not going to rewrite SIP. Regulatory efforts like STIR/SHAKEN help with consumer robocalls but do not meaningfully reach B2B cargo workflows. The rational assumption is that this attack class grows for the next several years.
What changes is the release workflow around it. The industry has spent thirty years anchoring release decisions to voice and paper. The next three years belong to release decisions anchored to systems.
About TrailersSafe
TrailersSafe is a Delaware-based U.S. company focused on identity verification at freight pickup. Our warehouse release page shows the assigned driver's face and redacted license, pulled directly from the broker's dispatch record at the moment of scan — no app install, no phone call, works on any phone.
- Service area: all 50 U.S. states
- Languages: English and Simplified Chinese
For a 15-minute walkthrough of how VoIP-driven attacks are blocked at the release step, visit trailerssafe.com.
Sources
- FBI IC3 PSA-260430 (April 2026) — Cyber-Enabled Strategic Cargo Theft Surging
- Highway — Understanding the Rising Threat of Cargo Theft
- Truck News — Phone number spoofing emerges as a new cargo theft tactic
- Security Affairs — Digital attacks drive a new wave of cargo theft, FBI says
- Sentinel Vault — The FBI's $725M Warning: Cargo Theft Is Now a Cybercrime
- DAT — Fraud trends hitting the Canadian market in 2026
Disclaimer: This article summarizes public advisories and industry reporting on 2026 cargo-theft trends. Loss figures cited are those published by the referenced sources. TrailersSafe significantly reduces impersonation-based cargo theft risk but does not guarantee zero loss.