How to protect the global supply chain from phishing scams

The supply chain is a highly interconnected ecosystem of suppliers, manufacturers, logistics, retailers and finally, consumers. The exchange of goods and the flow of transportation between all of these various groups is the backbone of our global economy. But if disrupted, our interconnected world could face all types and levels of chaos – from stolen Christmas presents to empty shelves in grocery stores or hospitals being unable to get their hands on life-saving supplies.

It is imperative that organizations prepare for significant cyber incidents. A new white paper from the World Economic Forum, in collaboration with the University of Oxford, unpacks the concept of cyber resilience, outlining the evolution of the cyber paradigm and highlighting that cyber resilience is an organization’s ability to minimize the impact of significant cyber incidents on its primary goals and objectives.

Although it may not be your typical headline-grabbing attack on a household name, freight and transportation organizations have been facing growing cyberthreats. Over the past several months, Cloudforce One has been actively monitoring impersonation attempts of transport and freight organizations, whereby a threat actor will create a fake company and trick victims into loading the necessary details to enable them to intercept or disrupt the transaction. These scams, also known as double brokering scams, have been rising rapidly in the last few years, with one freight solution provider having seen a 400% increase in complaints since 2022.

Double brokering was found to be the number one type of fraud that worries freight brokers most, with 50% placing it as their top concern. During a double brokering attack, threat actors impersonate a freight organization, acting as a middleman between the sending and receiving companies. This type of scam has become incredibly common due to the high volume of transportation companies that exist, many of which don’t have a website, making it even easier to impersonate – i.e. threat actors can set up a website in their name to conduct their fraudulent transactions.

Double brokering scams are almost always initiated through a phishing email. Based on how prevalent email is, and the fact that phishing exploits human behaviour instead of technical vulnerabilities, threat actors can more easily carry out malicious activity and bypass security protocols.

In successful instances, the victim replies with the load information, including picked up details, the destination and the quantity and weight of the package. The threat actor then bids on the shipment by offering a discounted price, enticing the victim to accept it. Once the offer is accepted, the threat actor then offers a legitimate cargo carrier for the shipment at a lower price and pockets the difference.

Aside from financial loss, these types of attacks can lead to the reputational damage of cargo carriers – with poor reliability or safety ratings, delayed shipments or damaged and lost goods.

The first line of defence to help prevent double brokering is simple: awareness. While this is not a foolproof defence, the human element of phishing calls for a human defence. For example, recipients should verify the legitimacy of the sender by first analysing the domain that it is sent from. Threat actors often create fraudulent domains by adding “LLC” or “INC” at the end of a legitimate company name. For example, if xyzshipping.com is the legitimate domain, the threat actor would slightly alter it and use xyzshippingllc.com.

These emails have become increasingly convincing due to threat actors including the motor carrier number of a legitimate transport company to request full information about the load. These convincing details and brand impersonation make these emails appear to be legitimate in the eyes of the victim.

Email security tools designed to detect, block and isolate phishing threats can significantly reduce the risk of double brokering scams. But most tools are not as effective as we’d like them to be – with about 89% of unwanted messages having “passed” the three most common email authentication checks: DMARC, DKIM and SPF. These are the email authentication methods that help prevent spammers, phishers and other unauthorized parties from sending emails on behalf of a domain they do not own.

That being said, leveraging advanced machine learning (ML) and artificial intelligence (AI) technology to uncover new phishing schemes, as well as tracking new tactics used by threat actors in real time, will help organizations stay on top of the attempted threats that the organization faces.

Cyber resilience goes beyond cybersecurity, and it is imperative that organizations prepare for significant cyber incidents in such a dynamic environment, making sure their operations and growth potential are undamaged. This approach encourages them to consider the many ways in which they are vulnerable and how they can limit the potential impacts – whether these arise from their use of information or operational technology, or from the use of digital technology by others in their supply chain or wider ecosystem.

Securing the global supply chain is a collective effort that requires the cooperation and collaboration of all parties involved. Organizations need to develop adaptable strategies and leverage shared insights from industry peers to navigate the growing complexities of the cyber landscape. Proactive collaboration and continuous learning will play a vital role in enhancing cyber resilience. As freight and transportation continue to serve as the backbone of our global supply chain, the industry must put increased focus on security to avoid reputational and financial damages. On the flip side, consumers must also remain vigilant when opening emails, so as to identify indicators of fraud.

Cloudflare's Cloudforce One Threat Intelligence Team contributed to this article. Another version of this article is also available on Cloudflare’s platform here.