Owner-operator Norman Camamile was moored at a Columbus truck stop with his reefer trailer on the weekend of 6-8-9 when he saw a tempting prospect for a local haul posted by someone claiming to be from Prestigious Logistics a Memphis broker that has been in business since 2020. He said that the load was a 100-mile haul, powered only, and paid well. He could have easily dropped his reefer, done the work and returned with a profit.
He did so, and communicated with the person on the other side of the gmail address who used the surname “Iluminati”. It wasn’t the first load he had seen posted using this email, or another variant with the same iluminati name. If this sounds familiar, Readers, you will know about the series of phishing attacks on brokers DAT accounts, which resulted in hundreds of what appeared to Amazon loads being posted to the DAT boards. This was reported last week by Alex Lockie.
He said that in retrospect, the whole thing should have raised the spidey-senses of owner-operator Camamile. It was as suspicious as anyone calling themselves Illuminati might be, but this all happened a week or more before Lockie reported it. Camamile was enticed to take the risk by the opportunity to make a little more money during a slow weekend in reefer freight. As he noted along with spot rates reports late last week rates have been “abysmal” for him in recent times.
Norman Camamile
The first power-only trip was only 15 miles away from his location. It was a move from one Amazon warehouse into another.
“I did that,” he said. His Iluminati Contact noted, “I have more.”
Camamile agreed. “The second batch started out of the same warehouse in Columbus, but it went to another Amazon warehouse about 20 miles away”, and paid $1,000.
Do the math. Camamile agreed to a rate that was far higher than the $20/mile loads ST Freight had seen posted after its DAT was hacked.
[ Related to Thousands of $20/mile loads]
Camamile, operating under his Cherry Tree Park Transportation authority then booked another run with the email contact, still claiming to be with Prestigious Logistics.
Prestigious COO Tyler Ward said that by then, the company had already made significant progress in shutting down the hacker’s ability to upload loads to DAT using its account. Ward said he was woken up at 7 a.m. on Saturday, June 8, by his “phone exploding.” My team and I began answering the calls, most of which were owner-operators trying to verify details of load posts that they saw on DAT.
Owner-operator Camamile had not done this.
Ward said, “This person clearly had gotten into our DAT Account.” “I told at least 100 carriers that it wasn’t us.”
Ward noted that company reps immediately contacted factoring companies as well as DAT and then filed reports with both the FBI and Federal Trade Commission. They also communicated with Amazon to “let them” know the facilities they at least knew about that seemed to be involved in the loads. Not that they had any great contacts with Amazon.
[ Related to: Is long-haul trucks fading away?]
Ward stated that as a freight broker “we don’t work at all with Amazon”. Instead, Ward focused on a core of shipper clients with van freight and a core of partner carriers. Ward was confident Prestigious had stopped the hacker from doing any more damage, and knocked them out of Prestigious DAT. Amazon reps were asked about this story and pointed to a blog post which outlines the reality that anyone seeing an Amazon load on a DAT or other public load board should take into consideration. The blog post focuses on double-brokering and explains that Amazon only works with select third-party brokers.
Amazon does not tender loads via any third-party load board. Amazon loads posted to third-party loadboards will only be offered directly to approved and registered carriers via Relay’s web portal or mobile app.
Camamile’s next load, which he had to move around Columbus on the weekend of June 8-9 cost him more than his two previous empty-Amazon trailer moves. This was a trailer loaded with Amazon carts for the warehouse operations of Amazon, which originated at a repair facility for those carts. The owner-operator drove the load all the way from Columbus to Mt. Juliet, Tennessee near Nashville, then scheduled two more short runs within the Middle Tennessee area, all to and fro Amazon facilities.
He would run four loads in total, all of which took place during the weekend of June 8-9. “My factoring company was closed and it was hard to reach people,” he explained. This company is his go-to source for credit checks, etc. “On Monday, i quickly submitted all of the work I had done to my factoring firm. They called the brokerage firm [Prestigious]… a real, good company. But [ Illuminati, of course] had never worked there. The broker had never heard of them. They said that their system was also hacked over the weekend.”
[ Related to: Growing identity theft schemes by brokers/carriers]
Camamile knew what was happening and had no intention of following through with the move. He showed up to the pickup location, but “asked the gateperson that greeted him at the Amazon facility: ‘Who is really assigned to this job?'” Camamile related the story. “He looked at his list – it was a different company than mine.”
Before Camamile asked, no one in any of the facilities questioned why he picked up the load, when it had been assigned to a completely different carrier. This type of on-site confirmation is highly recommended in today’s world, and was an important part of the “Supply Chain Protocol”, which Overdrive has covered in depth in recent years.
[ Related to: Fight Double-Brokerage Fraud: Attorney Hank Seaton discusses prevention and enforcement]
Overdrivesubsequently talked to one of the carriers identified by Amazon as being assigned to at least a Camamile load — two-truck CDM Jewels operating out of Winnsboro in South Carolina with two owner-operators under their authority, and in business since 2011 Devetta Myles of CDM, who handles IFTA and IRP, as well as other compliance and tax issues for other independents, was surprised to be assigned an Amazon load. She noted that none of the truckers with whom she works are based or regularly run on the lane connecting Columbus, Ohio and Nashville, Tennessee where Camamile was assigned an Amazon load.
She also knew that she was not yet fully set up on Amazon’s Relay System for spot loads.
Myles said, “I tried to get an Amazon Relay account but they denied me” earlier this year. She received an invitation to apply on May 20. “I checked the email, and everything looked legitimate down to the verification system – they even had two step verification.”
She had not heard anything else since the second attempt to set up a Relay account.
The email purportedly came from the domain carrier-ats.com. Registry lookup services confirm that the domain was created on May 19, the day before the email was sent. The email text was similar to phishing messages sent to FMCSA-registered carrier posing as auditors. This scam was reported earlier this year, and then a few weeks ago when the scam continued.
The email from May 20 to Myles contains an intro text that also borrows from Amazon and Relay brand images.
We are delighted to invite you to become a valued member of the Amazon Relay trucking operations team. We at Amazon Relay understand the importance of reliable transport in today’s society. Your reputation as a reliable carrier partner perfectly matches Amazon Relay’s commitment to set new standards in logistics and transportation. We are excited to have you as a part of our team, as we continue to innovate in the industry and provide exceptional customer service. Please proceed to complete the onboarding process by visiting http://carrier-ats.com or simply click the button below.
The “button” was a large “GET STARTED!” text link ( , which is similar to the recent FMCSA audit phishing email that has been sent to many registered carriers), but it didn’t take you directly to carrierats.com. It took you to a different website.
The email was sent to dozens of contacts, including Myles and CDM Jewels, and presumably carriers. At least one had a name Overdrive that was recognized from previous contacts and coverage.
[ Related to Phishing emails containing a ‘fake safety audit’ keep pouring in]
“This is a very broad reach,” Camamile said about what appears to be phishing attacks on both carrier and broker account of commonly used load platforms.
Sam Stephenson, an Amazon spokesperson, did not confirm or deny any of the details. He also refused to answer questions regarding the extent of scammers infiltrating Relay’s onboarding procedure. He said that “our teams are dedicated to protecting drivers from bad acts, and we actively combat phishing attacks made by Relay impersonators.” Stephenson also referred to the company’s efforts to “educate our customers on how they can identify fake email schemes, so that they are better able protect themselves through public sharing of information like blogs, email alerts, and FAQs posted on our website.”
Amazon reps also pointed out this blog post that offers tips on how to recognize phishing emails from would-be criminals. It provides the [email protected] address for user sanity check, verification of suspicious email of the type Devetta Myles got.
Owner-operator Camamile stated that he hoped Amazon would pay at least one other carrier for his work to establish a trail of money for these loads. It’s likely that the money trail will lead outside of the jurisdiction of U.S. Law Enforcement, but “there is the money trail the FBI can follow up on,” said Camamile. This could also lead to additional lessons for carriers in order to avoid being fooled by such schemes. “At the very least, they could learn how to stop this scam and find out what it was.”
Camamile said that he lost $400-$500 on fuel and two days of legitimate work, which is equivalent to about $2,000 in revenue. Amazon reps contacted for this article declined to answer whether owner-operators such as Camamile could take a specific route to claim payment for actual work performed. The responsibility for payment ultimately lies with the shipper.
It is safe to say for now that if you receive an unexpected email from a source unknown that ends with the invitation to GET START, hyperlinked places unknown, you should give it a thorough examination before you begin the process of stealing your business’s identity.