Carrier Identity Theft: How Fraudsters Clone Real MC Numbers (And the 5 Points Where the Impersonation Fails)

A broker gets a call from a carrier offering to cover an open load. The carrier provides their MC number. The broker runs it through FMCSA. Active authority, 6 years of operating history, clean BASIC scores, insurance on file, Satisfactory safety rating. Every check comes back green. The broker books the load.

The truck that shows up at the shipper's dock has a different DOT number painted on the door. The driver doesn't know the broker's name. The freight gets picked up and disappears. The broker calls the carrier they booked. The carrier says they never accepted that load, never heard of the broker, and have no idea who picked up the freight.

The broker didn't book a bad carrier. They booked a fraudster who was pretending to be a good one. The MC number was real. The carrier was real. The person on the phone was not.

Carrier identity theft is not a technology hack. It doesn't require breaking into any system. Everything a fraudster needs to impersonate a legitimate carrier is published for free on FMCSA's public website: DOT number, MC number, legal name, physical address, company officers, insurance company, policy details, and equipment count. The transparency that makes carrier vetting possible is the same transparency that makes carrier impersonation possible.

Here's the attack chain and where it breaks down:

Five failure points. Five places where a broker who knows what to look for can stop the fraud before the freight leaves the dock. The rest of this guide explains each one.

How Carrier Identity Theft Actually Works

The mechanics are simpler than most people assume, and that simplicity is what makes the scam so common.

Step 1: Target Selection

The fraudster needs a carrier whose identity will pass a broker's vetting checks. They're looking for:

• Active authority (at least 12+ months old, so it doesn't trigger new-authority caution)
• Clean BASIC scores (no red flags that would make a broker hesitate)
• Active insurance on file (so the insurance check comes back positive)
• A carrier large enough that they might plausibly have trucks in various locations, but not so large that they have a dedicated fraud prevention team monitoring for impersonation

FMCSA's SAFER system provides all of this information for free. The fraudster doesn't need insider access or special tools. They need a web browser and 10 minutes.

Step 2: Identity Assembly

The fraudster assembles a carrier packet using publicly available information: the real carrier's legal name, DOT number, MC number, physical address, and company officer names. They create an email address that looks plausible (using a slightly different domain or a free email provider), get a phone number (burner phone or VoIP), and sometimes set up a basic website.

The carrier packet they send to the broker looks legitimate because the core data is legitimate. It came from a real carrier's real FMCSA record. The broker checks the MC number, the DOT number, and the insurance, and everything matches because it's the real carrier's information.

Step 3: Load Acceptance

The fraudster contacts brokers (or responds to load postings) using the stolen identity. They accept loads, often at competitive rates, and provide the assembled carrier packet when requested.

At this point, most standard vetting processes pass the fraudster. The MC number is real. The authority is active. The insurance is on file. The safety record is clean. The only things that don't belong to the real carrier are the phone number, email, and the person making the call.

Step 4: Pickup and Theft

The fraudster dispatches a truck to pick up the freight. This truck has no connection to the real carrier. The driver may have a different DOT number on the door, or no markings at all. In the most organized schemes, the fraudster puts temporary magnetic signs with the victim carrier's DOT number on the truck to match the booking.

Once the freight is picked up, it's either delivered to a fence (for cargo theft) or the fraudster disappears with the carrier's payment (for double brokering). In some cases, the freight is actually delivered by a third-party carrier the fraudster hired at a lower rate, and the scam is purely financial.

Step 5: Discovery

The real carrier discovers the impersonation when brokers start calling about loads they never accepted, when cargo claims arrive for freight they never touched, or when FMCSA contacts them about complaints filed against their DOT number. By this point, the fraudster has moved on, often to impersonate a different carrier.

The 5 Points Where Carrier Identity Theft Fails

Every impersonation has gaps. The fraudster can copy the data, but they can't replicate the relationships, the infrastructure, or the operational details. Here are the five checkpoints where the fraud becomes visible.

Failure Point 1: Phone Number Doesn't Match FMCSA Records

This is the fastest check and the one most commonly skipped.

Every carrier's FMCSA record includes a phone number. When someone calls you claiming to be a carrier, compare the number they're calling from against the number on file with FMCSA. Use our MC/DOT lookup to pull the FMCSA contact details and compare them against what the caller provided.

A mismatch isn't proof of fraud. Carriers change phone numbers, and the FMCSA number might be outdated. But it's a signal that warrants a second step: call the phone number on FMCSA's record directly and ask if they're offering to haul a load from your origin to your destination today. If the real carrier says no, you've caught the impersonation.

This single check catches the majority of carrier identity theft attempts. Most fraudsters don't account for the fact that the real carrier's phone number is publicly listed and that a broker can call it independently.

Failure Point 2: Email Domain and Communication Details

Legitimate carriers typically use company email addresses that match their business name or website. A carrier called "Midwest Express Transport LLC" operating from a @midwestexpresstransport.com email is consistent. The same carrier name operating from a @gmail.com, @outlook.com, or @midwestexpress-transport.net (note the hyphen) address is inconsistent.

Fraudsters rarely have access to the real carrier's email domain. They use free email providers or create lookalike domains with slight variations: an extra letter, a hyphen, a different TLD (.net instead of .com). These variations are easy to miss if you're not looking for them.

What to check: Compare the email domain the carrier is using against their registered business name and any website associated with their operation. If the carrier has a professional website and the person contacting you is using a Gmail address, verify through the website's listed contact information before proceeding.

Failure Point 3: W-9 and Banking Details

The carrier packet typically includes a W-9 for tax purposes and banking information for payment. This is where the fraudster faces a dilemma: they can't use the real carrier's banking details (the payments would go to the real carrier), so they must substitute their own.

A W-9 with a different legal name, a different EIN, or a different address than what FMCSA shows for the carrier is a red flag. The fraudster needs the payments to flow to their account, which means the banking entity has to be different from the carrier they're impersonating.

What to check: Compare the legal name and EIN on the W-9 against the legal name in FMCSA's database. Compare the address on the W-9 against the FMCSA physical address. If either doesn't match, stop and verify before processing any payment setup.

Failure Point 4: Insurance Certificate Verification

The fraudster references the real carrier's insurance filing, which shows up correctly in FMCSA's system. But when a broker requests a certificate of insurance (COI), the fraudster faces another problem: they can't get a legitimate COI from the real carrier's insurer because they're not the policyholder.

Two things happen at this point. Either the fraudster produces a forged COI (which will fail verification if the broker calls the insurer), or they stall, providing excuses for why the COI isn't available yet.

What to check: Request a COI and call the insurance company directly to verify that the policy is active, that it covers the entity you're booking, and that the certificate is genuine. Use our insurance status checker to see what insurer is on file with FMCSA, then contact that specific company. This call takes 5 minutes and catches forged certificates.

Failure Point 5: Truck Verification at Pickup

This is the last line of defense and the most definitive one.

When the truck arrives at the shipper's dock, the DOT number on the truck door should match the DOT number of the carrier you booked. If it doesn't, the truck does not belong to the carrier you vetted. It belongs to someone else. Your insurance verification, your safety check, and your vetting process covered a different carrier than the one picking up the freight.

What to do: Require your shippers to verify the DOT number on every truck at pickup and report it to your dispatch team before releasing the freight. This takes 30 seconds. If the DOT number doesn't match, hold the freight and call the carrier you booked to verify. For a full breakdown of pickup verification procedures, read our double brokering guide.

Who Gets Targeted: The Carriers Most Vulnerable to Identity Theft

Not all carriers face equal risk of having their identity stolen. Fraudsters prefer certain profiles because they produce the cleanest impersonation.

Mid-Sized Carriers (20 to 200 Trucks)

Large enough that a broker wouldn't be surprised to get a call from them in any lane. Small enough that they don't have a dedicated fraud monitoring team watching for unauthorized use of their MC number. This is the sweet spot for impersonation.

Carriers With Clean Records and Long Operating History

The entire point of stealing an identity is to borrow someone else's reputation. A carrier with 8 years of clean authority, a Satisfactory rating, and low BASIC scores is exactly what the fraudster wants the broker to see when they run the MC number. Nobody impersonates a carrier with an Unsatisfactory rating.

Carriers With Common or Generic Names

"National Transport Services LLC" is easier to impersonate than a carrier with a distinctive, locally recognized name. A broker is less likely to have a pre-existing relationship with a generically named carrier and more likely to accept the cold call at face value.

What to Do If Your Carrier Identity Has Been Stolen

If you're a carrier and you discover that someone is using your MC number to book loads you never accepted:

1. Contact FMCSA immediately. Report the identity theft to FMCSA's National Consumer Complaint Database at nccdb.fmcsa.dot.gov. FMCSA can flag your DOT number in their systems to alert brokers that impersonation activity has been reported.

2. Notify your insurance company. Your insurer needs to know that fraudulent COIs may be circulating with your policy details. They can flag unauthorized certificate requests.

3. Alert load boards and industry associations. Post alerts on the load boards you use. Notify the TIA (Transportation Intermediaries Association), OOIDA, and any carrier monitoring services. The faster the industry knows, the faster the fraudster loses access to loads.

4. Document everything. Save records of every call, email, and complaint you receive from brokers about loads you didn't accept. This documentation is essential for FMCSA enforcement and any legal action.

5. Monitor your FMCSA record. Check your inspection history and crash records periodically to ensure that incidents involving the impersonator's trucks aren't being attributed to your DOT number. If they are, file a DataQs challenge to correct the record.

How Brokers Can Protect Against Carrier Identity Theft

For Every New Carrier Relationship

Call the FMCSA phone number, not the number the carrier gave you. This is the single most effective countermeasure. Pull the carrier's record, find the phone number listed with FMCSA, and call it independently. Ask if they're offering to haul a load for you today. Ten seconds of phone verification stops most identity theft cold.

Compare the email domain against the carrier's business name. Lookalike domains and free email addresses are the most common tells.

Verify the W-9 against FMCSA registration. The legal name and EIN should match. The address should be consistent. If the payment entity is different from the carrier entity, ask why.

Request a COI and verify it with the insurer. Don't just check whether insurance is on file with FMCSA. Request the actual certificate and call the insurer.

At Pickup

Require DOT number verification on the truck. Train your shippers to check the DOT number on the truck door against the carrier you booked. If it doesn't match, hold the freight.

Ask the driver who dispatched them. If the driver names a company you've never heard of, or doesn't know the name of your brokerage, escalate immediately.

Ongoing

Monitor for patterns. If you receive callbacks from a carrier saying they never accepted loads that your records show they did, investigate immediately. You may have been targeted by a fraudster using that carrier's identity.

Re-verify established carriers periodically. A carrier you verified 6 months ago could have had their identity stolen since then. If a carrier's communication patterns change (new phone number, new email, new contact person), re-run verification before booking. Our carrier vetting checklist standardizes this re-verification process across your team with saved records for each carrier.

Frequently Asked Questions

What is carrier identity theft in trucking?

Carrier identity theft occurs when a fraudster uses a legitimate carrier's MC number, DOT number, and publicly available FMCSA data to impersonate that carrier and book loads. The fraudster accepts loads under the real carrier's identity, then either steals the freight or re-brokers it to an unknown third party. The real carrier has no involvement and typically doesn't know their identity is being used.

How do fraudsters steal MC numbers?

They don't steal them in the traditional sense. MC numbers, DOT numbers, and associated carrier data (legal name, address, officers, insurance details) are published for free on FMCSA's public database. Fraudsters simply look up a carrier with a clean record and use that carrier's publicly available information to create a convincing impersonation.

How can I tell if a carrier is being impersonated?

The five failure points: (1) the phone number doesn't match FMCSA records, (2) the email domain doesn't match the carrier's business, (3) the W-9 or banking details don't match the FMCSA registration, (4) the certificate of insurance can't be verified with the insurer, and (5) the DOT number on the truck at pickup doesn't match the booked carrier.

What should I do if I suspect carrier identity fraud?

Do not release the freight. Call the carrier directly using the phone number listed in FMCSA's database (not the number the suspected fraudster gave you). Verify the DOT number on the truck at the shipper's dock. If the impersonation is confirmed, report it to FMCSA and document everything.

Can carrier identity theft happen with load boards?

Yes. Load boards are a primary channel for carrier identity theft because they allow carriers to register and accept loads quickly. Some load boards have implemented additional verification steps, but fraudsters adapt by providing the real carrier's documentation during onboarding. The verification burden ultimately falls on the broker.

How is carrier identity theft different from double brokering?

Carrier identity theft involves impersonating a specific legitimate carrier. Double brokering involves a carrier (or someone posing as a carrier) accepting a load and re-brokering it to another party without the broker's knowledge. The two often overlap: a fraudster may steal a carrier's identity to book loads and then double-broker them. Read our double brokering guide for the full breakdown of that scheme.

Are there tools that detect carrier identity theft automatically?

Some load board and vetting platforms flag discrepancies between the contact information being used and the contact information on FMCSA records. Our MC/DOT lookup shows the phone number, address, and contact details on file with FMCSA so you can manually compare against what the carrier provided. Automated detection is improving but the most reliable check remains the independent phone call to the FMCSA-listed number.

What happens to the real carrier when their identity is stolen?

The real carrier may receive calls from brokers about loads they never accepted, cargo claims for freight they never touched, and complaints filed against their DOT number for incidents they had no involvement in. In severe cases, inspection or crash records from the impersonator's trucks can be incorrectly attributed to the victim carrier's DOT number, damaging their BASIC scores and safety record.

Bottom Line

The broker in the opening scenario ran every standard check. MC number: real. Authority: active. Insurance: on file. Safety record: clean. The vetting process worked exactly as designed. The problem is that the process was designed to verify a carrier's identity, and the person on the phone had already borrowed that identity from a public database.

One additional step would have caught it. Call the phone number listed in FMCSA's records, not the phone number the caller provided, and ask: "Did you just accept a load from us?" That call takes 10 seconds. The fraud it prevents can cost tens of thousands of dollars in stolen freight, insurance claims, and litigation.

Verify the carrier. Then verify the person claiming to be the carrier. They're not always the same.