Freight Fraud Hit an All-Time High in Q1

Freight fraud reached an all-time high in Q1 2026, and direct theft by rogue carriers accounted for half of all fraud incidents. Change-of-ownership fraud climbed 169.6 percent year over year. Fraudulent email attempts rose 49.9 percent from the same period in 2025. Social engineering attacks accelerated across every channel. The numbers from Highway’s Q1 2026 Freight Fraud Index Report show that every major indicator moved in the wrong direction simultaneously, and the pace is getting faster.
What makes Q1 distinctive is the source. The carriers executing theft runs in Q1 were not unknown bad actors slipping through the edges of the system. Many of them were previously compliant operators with clean records, verified equipment, and long-standing broker relationships. FMCSA’s Interim Final Rule on non-domiciled commercial driver’s licenses, which went into effect March 16, put thousands of drivers on a regulatory clock, and some of them responded by treating loads as exit opportunities before enforcement caught up.
That dynamic reframes what carrier risk actually looks like in 2026. The carrier a broker has run 500 loads with is not automatically safe. The profile looks the same, but the risk behind it may not.
“Fraud has moved from rules to process,” said Michael Grace, VP of Customer Risk Management at Highway. “Just because you’ve run a thousand loads with a carrier doesn’t mean the next one is safe. There’s a level of risk that’s happening anytime you hire someone.”
The data bears that out across every fraud vector. Change-of-ownership fraud, in which bad actors acquire a legitimate MC and inherit the carrier’s established broker relationships before stealing loads, accounted for roughly 20 percent of Q1 incidents and surged 169.6 percent year over year. The mechanism is effective precisely because the threat looks nothing like a threat. A sold MC does not trigger alarm bells. It looks like a partner a broker has worked with for years.
Email compromise held steady at 26 percent of incidents, a number Highway flags not as a sign of stabilization but of entrenchment. Highway blocked 527,940 fraudulent inbound emails in Q1 alone. Once a bad actor has access to a broker or carrier inbox, the damage extends well beyond a single load: shipments get rerouted, payments get redirected, and the trust between a broker and every carrier in that thread gets compromised.
The emerging threat heading into Q2 is social engineering, which accelerated faster in Q1 than any other single vector. Bad actors are calling broker and carrier teams directly, impersonating legitimate carriers, targeting after-hours and weekend desks where staff have less context, and in some cases impersonating Highway itself to extract verification codes over the phone. The attack surface is not a system vulnerability. It is a person answering a phone at 11 p.m. who does not have the full picture.
The geographic concentration of fraud activity follows the regulatory pressure. California, New Jersey, Indiana, Maryland, Illinois, North Carolina, and Pennsylvania are the hotspot states, all of which carry significant non-domicile licensing exposure. The commodities fraudsters are targeting most are meat and seafood, electronics, and semi-precious metals, categories that will move in greater volume as produce season drives Q2 freight activity higher through corridors where theft is already concentrated.
The Q1 findings put a finer point on an argument the industry has been circling for years. Verifying a company name on an MC number is not the same as verifying who is actually operating behind it. As Grace put it: “In today’s freight environment, trust can be transferred with a signature and an MC number. That’s why brokers can’t just verify companies anymore. They have to verify who is actually operating behind the authority.”
The full findings, including vehicle-level fraud data, geographic hotspots, and Highway’s forward outlook for Q2, are available in the Q1 2026 Freight Fraud Index Report at highway.com.
