On Monday, multiple brokers showed signs of being victims of a hack. Hundreds of load postings were posted on DAT’s loadboard faster than users could delete them.
Tina Giramma is a broker with ST Freight. “I received a couple of emails about a random load that wasn’t my load. It happens from time to time.” When she “opened DAT, the entire damn page was filled with postings.” She scrolled and thought, “Oh crap,” before telling the enterprise account owner that someone had gotten into her account.
Giramma has only one user on her account. Yet, somehow other users were simultaneously logged into the account with a different and posting loads.
“I couldn’t delete the files fast enough,” she said. “As soon as I deleted 150” loads of data, “150 more would appear.”
Giramma began to receive emails from carriers about the loads. The emails revealed some of the more shocking details: $1,200 for a 27-mile haul, power only, from Charlotte, North Carolina, to Concord, dropping off at a Circle K parking area. A similar set appeared near Amazon’s Kent distribution centers in Washington.
Do you find this strange?
“The email they put there is [email protected] om. Note the space in the word C om.”
Some postings, from ST or other brokers, had a second email address, with a space, while others did not. A few thousand postings were made by a few brokers.
Abts noted that the scammer or scammers’ goal was to “bulk-download hundreds of power-only loads.” These trailer moves are from Amazon facilities, as far as I could tell.
Further research revealed that ST’s accounts were accessed by two IP addresses in particular. One is a VPN address that is virtually untraceable. Giramma said that the other address seemed to point back to Amazon’s Boardman data center in Oregon. She did a little snooping and found out that Amazon Boardman was looking for a logistics coordinator.
“Could it be an inside job?” Abts speculated.
Overdrive doesn’t pretend to understand how Amazon’s data centers work, but Amazon Web Services is a major part of the infrastructure for the internet, so an address that points back to an Amazon data center does not by itself identify who was behind it. The scammer may be “spoofing an IP address” to fool investigators.
Overdrive reported these findings to Amazon, but hasn’t heard back.
The hacker, whether it was an inside job or not, seemed to be trying to move trailers away from the Amazon warehouse and into a parking lot nearby, in this case a Circle K, where they could easily be stolen. Cargo theft has increased in recent years despite efforts by carriers, brokers, load boards like DAT and Truckstop, and many others. It was up 10% last quarter and 46% year-over-year. Freight fraud jumped 130% by 2023.
As Giramma deleted the ST Freight postings, messages from carriers began to pour in. Some identified the obvious scam, and confronted her about it. Others just wanted to know about the profitable load.
“I tried to delete as quickly as I could, thinking DAT would get me immediately shut off,” said Giramma. “There should be a way to disable your account instantly.”
She said that it took DAT an hour and a quarter to intervene.
Giramma has two-factor authentication. This tool is supposed to keep unauthorized users out of her account.
“DAT’s second big thing is that you shouldn’t put an alternate email in the commodity field on the posting,” she said.
DAT announced in 2023 that it would “disallow non-profile contact details in the free text fields for shipments.”
Giramma found herself staring at hundreds of posts with non-profile contact details, not only from her brokerage but also from other brokerages, including Landstar.
Overdrive asked DAT about the hack. A PR firm hired by DAT implied that the brokers made mistakes in allowing their credentials to be compromised. DAT declined to comment on the hack, but the company did provide some details. It said that scammers generally use spaces and special characters to bypass filters that prevent email addresses from being entered into comment boxes. “Developers create better filters, scammers adjust, users are fooled and the cycle continues. It’s like a race without a finish line.”
This is exactly what happened with hundreds of the fake loads posted under legitimate brokers’ accounts. A single space keystroke appeared to have defeated a piece of DAT’s security system.
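The bypass described above, as an added example that is not from the original article or from DAT: a plain email regex misses an address with a space inside ".com", while normalizing the free text first catches it. The function names and sample postings are constructed for illustration, and the check goes slightly beyond the single-space case to cover invisible characters and bracketed "(at)" / "(dot)" spellings.

```python
import re
import unicodedata

# Typical "is there an email in this field?" pattern (illustrative, not DAT's filter).
EMAIL = re.compile(r"[a-z0-9._%+-]+@[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}")

# Spelled-out separators; brackets are required so ordinary "at" is left alone.
SPELLED = [
    (re.compile(r"[\(\[\{]\s*at\s*[\)\]\}]"), "@"),
    (re.compile(r"[\(\[\{]\s*dot\s*[\)\]\}]"), "."),
]
# Zero-width and soft-hyphen characters that render as nothing.
INVISIBLE = dict.fromkeys(map(ord, "\u200b\u200c\u200d\u2060\ufeff\u00ad"))


def naive_filter(text: str) -> bool:
    """Return True if the raw text contains a well-formed email address."""
    return bool(EMAIL.search(text.lower()))


def normalize(text: str) -> str:
    """Fold look-alike characters, drop invisible ones, collapse all whitespace."""
    text = unicodedata.normalize("NFKC", text).lower().translate(INVISIBLE)
    for pattern, replacement in SPELLED:
        text = pattern.sub(replacement, text)
    return re.sub(r"\s+", "", text)


def classify(text: str) -> str:
    """Label a free-text field: 'email', 'obfuscated-email' or 'clean'."""
    if naive_filter(text):
        return "email"
    if EMAIL.search(normalize(text)):
        return "obfuscated-email"
    return "clean"


# Constructed sample postings (not taken from the incident).
SAMPLES = [
    "Power only, 27 mi. Email dispatch@example.com",
    "Power only, 27 mi. Email dispatch@example.c om",
    "Rates: dispatch (at) example (dot) com",
    "Pickup @ 5.30 pm, dock 4. Call posted number.",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):17} {sample}")
```

Collapsing whitespace can join unrelated words, so a hit from the normalized pass is better treated as a flag for review than as proof of an address.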
Overdrive spoke to another broker who had their account hacked. They said that DAT told them they’d been duped by a phishing e-mail.
The broker said, “We received an email from [email protected] stating that we got a poor review on DAT. I saw that in that box there was some carrier I’ve not worked with.” The email address was fake and the link contained in it to fix the supposed error led the broker into entering their login credentials.
Giramma received the same email several times in her inbox, but she said that she never clicked on the link. She is also very careful about phishing and carrier choice. “First of all, I am an anti-double broker,” she said. She joked that she was “like the carrier nazi,” rejecting any carriers with a whiff of suspicion or incomplete information.
She said, “It’s frightening that there is so much fraud in the freight system at the moment. It makes me angry.”
Giramma’s entire episode raises a lot more questions than a simple hacking or cargo theft attempt. Did the scammer manage to get a truck to move any of these loads? Was the load stolen? Was the trucker paid?
What happens if a foolish carrier books a load, hauls the load and then contacts ST for payment? She said, “It is a mess if it happens.”
She said that to avoid damaging shipper relationships, her brokerage might have to “come out of pocket” if a load is double-brokered.
Giramma is a freight expert with almost two decades’ experience. She knows the best practices to avoid fraud but said it was still a constant battle. “You can vet the carrier all day and everything will look wonderful, but bam! Jimmy gave Bob $1,000 to use his MC Number when Bob decided he had finished with the business. Now that vetted carrier is a security risk.”
What happens if the market changes? When Giramma isn’t so picky about carriers?
Giramma’s experience using DAT load boards over the years has made her suspicious of the company. “At my previous job, we would only post our loads on DAT. We’d also check the DAT directory to see if there were any reviews whenever we got a carrier,” said Giramma. “But many of them were not in the DAT Directory, and it drove me insane. Why am I receiving emails and phone calls from people who are not registered with DAT and this is where my load is?”
She felt that the answer was “an entire office of scammers using one DAT account, adding additional users, and those users using other MCs.”
She said that DAT account holders pay between $50 and $200 for additional users depending on the plan. Giramma suspects that DAT likes to sell additional users and doesn’t want the problem to hurt sales.
The hack is shrouded in mystery. “I emailed James Iluminati and told him I liked his name,” she said.
Giramma contacted other hacked brokers who posted the loads to spread awareness about the danger. She was fortunate to hear from many carriers who correctly recognized the fraud. They didn’t even email the alleged Mr. They found the correct ST Freight contact, and emailed her.
It is important to be aware of the dangers. If a load pays $20/mile it might be a situation that seems too good to be true.