“These scams can lead to losing money,” Cloudflare researchers warn. “For example, if a threat actor provides a carrier with unreliable cargo or security ratings, it could be delayed, damaged, or lost during shipment. That can lead to reputational damage and further financial loss, especially if the shipment is not properly insured.”
But often the senders are not the only victims. In another type of scam, actors also send shipments at a higher price to convince the legitimate carrier to pull the load. But when it comes time for the carrier to be paid, phone numbers are disconnected and email addresses are deleted.
How to protect against double broker
Defenses against double-dealing scams are the same as for all BEC attacks involving impersonation. Companies should double-check the legitimacy of the carriers or freight forwarders they contact and check that the domain names behind the email addresses are correct. Scam actors often create fake domains by adding “LLC” or “INC” to the end of the legal company name. For example, xyzshipping[.]com is the official domain, while xyzshippingllc[.]com scam.
Source link