CarrierBrief
    Fraud Prevention

    Load Board Fraud on DAT and Truckstop: The Verified Profile That Isn't Who You Think It Is

    Load board fraud has moved past stolen MC numbers. Fraudsters now compromise real accounts on DAT and Truckstop. Here's how to catch them.

    March 5, 202618 min readBy CarrierBrief Team

    A broker on DAT booked a carrier with an 18-month account history, a verified profile badge, 340 completed transactions, and a 98% on-time delivery rate. The MC number was clean. The profile reviews were positive. The carrier had been on the platform long enough to accumulate a transaction history that no new fraudulent account could fake. The broker booked a $220,000 load of pharmaceuticals. The freight disappeared. The carrier whose profile was used contacted DAT three days later asking why brokers kept calling about loads they'd never accepted. Someone had compromised their load board account six days earlier by phishing the carrier's dispatch manager through an email that looked like a DAT account verification request.

    The broker didn't skip verification. They did exactly what load board fraud prevention advice tells you to do: check the profile, review the history, verify the MC number. Every signal the platform provided said this was a trustworthy carrier. The signals were real. They belonged to a real carrier. The person operating the account was not that carrier.

    Load board fraud on DAT and Truckstop has evolved past stolen MC numbers and freshly created profiles. The dominant attack vector in 2026 is account takeover, where fraudsters gain control of an established carrier's verified load board account and operate from inside a profile that carries every trust signal the platform offers. This matters because the platform trust signals that brokers use as vetting shortcuts (verified badges, transaction counts, account tenure, positive reviews) become weapons when a legitimate account is compromised. The verified profile doesn't tell you who registered the account. It tells you who is using it right now. And in 2026, those are increasingly not the same person.

    Load Board Fraud in 2026: Attack Types and Detection

    Attack TypeHow It WorksPlatform Trust Signals PresentWhat Gives It AwayDetection Difficulty
    Account takeover (ATO)Fraudster compromises a real carrier's DAT/Truckstop login via phishingAll: verified badge, history, reviews, tenureFMCSA phone number mismatch (caller ≠ registered number)Hardest
    Profile cloningFraudster creates new account using stolen MC/DOT from a real carrierMC verification passes, but no transaction historyNew profile with zero history but clean MC dataModerate
    Dormant account hijackingFraudster compromises a carrier account that's been inactive for monthsAccount tenure present, but old activityActivity gap followed by sudden aggressive load acceptanceModerate
    Phishing through platform messagingFraudster sends messages via the load board's internal system to harvest broker credentialsMessage appears to come from within the platformLinks to external sites, requests for login credentialsDepends on broker awareness
    Fake broker accountsFraudster creates a broker account to post fictitious loads and collect carrier deposits or informationLoad postings appear legitimate on the boardLoads that require upfront payment or unusually detailed carrier infoLow

    How Load Board Fraud Has Changed: From Stolen MCs to Account Takeover

    Load board fraud has evolved through three distinct phases, and each phase exploited a different layer of platform trust. Understanding the progression explains why the defenses that worked in 2023 don't catch the attacks running in 2026.

    Phase 1: Stolen MC Numbers (2020-2023)

    The original load board fraud was straightforward. A fraudster registered on DAT or Truckstop using a stolen MC number, presented themselves as that carrier, and booked loads. The MC passed the platform's automated verification because it was a real, active number. The person behind it was not the carrier.

    This worked until load boards improved their onboarding verification. Both DAT and Truckstop now require identity verification documents, and carrier onboarding includes steps beyond just entering an MC number. These changes made it harder to register a new account using someone else's credentials from scratch.

    Phase 2: Profile Cloning With Fresh Accounts (2023-2025)

    As onboarding verification improved, fraudsters adapted. They began creating accounts using their own newly obtained MC numbers (often through chameleon carrier operations that cycle through fresh authority every 30-90 days) or using more sophisticated document forgery to pass onboarding checks. These accounts had clean MC data but zero transaction history on the platform.

    Brokers learned to look for transaction history and account age as trust signals. A new profile with no completed loads became a yellow flag. Read our earlier load board fraud guide for the 7 warning signs that catch Phase 2 fraud, including the 60-second verification process that still works as the baseline defense.

    Phase 3: Account Takeover (2025-Present)

    Account takeover (ATO) is the current dominant attack. ATO is a fraud method where a criminal gains unauthorized access to a legitimate user's account on a platform, then operates under that user's identity and credentials. Instead of fighting the platform's onboarding verification, the fraudster bypasses it entirely by stealing the login credentials of a carrier who already passed verification, already built a profile, and already has the transaction history and trust signals that brokers look for.

    ATO attacks on load board accounts increased sharply in 2025 as carriers became targets of phishing campaigns specifically designed to harvest DAT and Truckstop credentials. The Transportation Intermediaries Association (TIA) flagged account takeover as an emerging freight fraud vector in their 2025 advisory, and both DAT and Truckstop have implemented additional security measures in response.

    The reason ATO is the hardest attack to detect: every platform trust signal is genuine. The verified badge is real. The transaction history is real. The reviews are real. The account age is real. The only thing that's different is the person logging in.

    How Account Takeover Works on DAT and Truckstop

    Account takeover on load board platforms follows a predictable attack chain. Each step targets a different weakness, and each step has a corresponding defense.

    Step 1: Credential Harvesting

    The attacker obtains the carrier's login credentials through one of three methods:

    1. Phishing emails. The most common method. The carrier's dispatcher receives an email that appears to come from DAT or Truckstop ("Verify your account," "Action required: update your payment information," "Your account will be suspended"). The email contains a link to a fake login page that captures the username and password.
    1. Credential stuffing. If the carrier uses the same email and password across multiple services, and one of those services suffers a data breach, the attacker tests those credentials against DAT and Truckstop logins. Credential stuffing is an automated attack that tries known username/password pairs from data breaches against other platforms.
    1. Social engineering. The attacker calls the carrier posing as load board support ("We detected suspicious activity on your account, can you verify your login for us?") and talks the carrier into providing their credentials directly.

    Step 2: Account Access and Reconnaissance

    Once inside the account, the attacker doesn't immediately start booking loads. They first study the carrier's profile: which lanes they typically operate, what equipment types they have, which brokers they've worked with, and what their usual response patterns look like. This reconnaissance allows the attacker to mimic the carrier's behavior closely enough to avoid triggering suspicion from brokers who have worked with the real carrier before.

    Step 3: Contact Information Redirect

    The attacker changes the account's contact phone number and email to numbers and addresses they control. On some platforms, this can be done without triggering an alert to the account owner. On others, the attacker intercepts the verification email by already having access to the carrier's email (obtained through the same phishing attack or a separate compromise).

    Step 4: Load Targeting and Booking

    The attacker uses the compromised account to accept loads, focusing on high-value freight in high-theft corridors. Because the profile carries the real carrier's history, brokers who check the profile see an established, trusted carrier. The attacker books multiple loads simultaneously, often across several brokers, maximizing the take before the compromise is discovered.

    Step 5: Execution and Disappearance

    The attacker either re-brokers the loads (double brokering) or sends unauthorized trucks to steal the freight. Within 3-7 days, the real carrier discovers the compromise (usually because brokers start calling about loads they never accepted), reports it to the platform, and the account is locked. By then, the attacker has moved to the next compromised account.

    The Platform Trust Signals That Backfire

    Load board platforms have built trust signals to help brokers distinguish reliable carriers from risky ones. These signals work exactly as intended when the account is operated by its legitimate owner. When the account is compromised, they become the attacker's most powerful tool.

    Verified Badges

    DAT and Truckstop both offer carrier verification programs that display a badge on the carrier's profile after the carrier passes enhanced identity and documentation checks. Brokers treat this badge as a shortcut: "verified means vetted." But the badge verifies the account at the time of registration. It doesn't verify who is using the account today.

    A carrier who passed verification 18 months ago and had their account compromised last week still displays the verified badge. The badge hasn't been revoked because the platform doesn't know the account is compromised. The broker sees the badge and skips the independent verification that would catch the impersonation.

    Transaction History and Reviews

    A carrier with 300+ transactions and positive reviews has demonstrated reliability over time. This history is genuine and belongs to the real carrier. When an attacker takes over the account, the transaction history persists. The broker sees 300 successful loads and concludes the carrier is trustworthy. They're trusting the carrier's history while talking to someone who isn't the carrier.

    Account Tenure

    An account that's been active for 2+ years signals stability. Fraudsters who register new accounts can't fake this. Account takeover gives them tenure instantly because they're operating an account that has been active for however long the real carrier has been on the platform.

    The Pattern

    Every trust signal the platform offers is backward-looking. It tells you about the account's past. It tells you nothing about who is operating it right now. The broker who relies on platform signals without independent verification is trusting a resume without interviewing the person who showed up.

    The Off-Platform Verification That Account Takeover Can't Defeat

    Account takeover compromises the load board account. It does not compromise the carrier's Federal Motor Carrier Safety Administration (FMCSA) record, because the FMCSA record requires the carrier's PIN to modify. This asymmetry is the foundation of ATO detection.

    The FMCSA-registered phone number on the carrier's MCS-150 filing cannot be changed by someone who only has the carrier's load board credentials. MCS-150 is the biennial filing every carrier submits to FMCSA that contains their registered phone number, address, fleet size, and operational data. The phone number field requires the carrier's FMCSA PIN to update.

    This means the callback verification that catches identity theft also catches account takeover:

    1. Pull the carrier's FMCSA record using the MC/DOT lookup, which displays the FMCSA-registered phone number alongside authority status and insurance data.
    2. Compare the FMCSA-listed phone number to the number now associated with the load board profile or the number the person is using to communicate.
    3. If the numbers don't match, call the FMCSA-listed number. Ask: "Did someone from your company just accept a load from us on [lane]?"
    4. If the real carrier says no, you've caught an account takeover. Report it to the platform immediately so the account can be locked.

    The attacker can change the phone number on the load board profile. They cannot change the phone number on the FMCSA filing. That gap is what catches them.

    How Fraudsters Use Load Board Messaging to Attack Brokers Directly

    Account takeover isn't the only platform-level attack. Fraudsters also use load board messaging and communication features to target brokers themselves, harvesting credentials that give access to the broker's load board account, TMS, or email.

    Phishing Through In-Platform Messages

    Load board platforms allow carriers and brokers to exchange messages. Fraudsters use this channel to send messages that contain links to credential-harvesting sites. The message might read: "Please verify the rate confirmation at this link" or "Updated insurance certificate attached, click to view." Because the message arrives through the platform's own messaging system, it carries an implicit trust that an external email wouldn't.

    Fake Document Links

    A carrier (or someone posing as one) sends a link to "view" their carrier packet, W-9, or insurance certificate. The link leads to a site that either harvests the broker's credentials (by requiring a login to "view" the document) or installs malware. Legitimate document exchange should happen through the platform's built-in document sharing, not through external links.

    Rate Confirmation Phishing

    After a load is booked, the "carrier" sends a message asking the broker to "confirm the rate at this link." The link leads to a fake version of the broker's TMS login page. The broker enters their credentials to "confirm the rate" and the attacker now has access to the broker's TMS. Read our cargo theft evolution guide for how TMS compromise enables system-level cargo theft.

    Protecting Against Platform-Based Phishing

    1. Never click links in load board messages. Access all documents through the platform's built-in document exchange or request them via email to an address you can verify.
    2. Never enter your TMS or load board credentials on a page you reached through a message link. Always navigate to your TMS and load board directly through bookmarked URLs.
    3. Enable multi-factor authentication (MFA) on your load board accounts. MFA is a security method that requires a second verification step (like a code from a phone app) in addition to your password. Even if your password is phished, MFA prevents the attacker from logging in.
    4. Report suspicious messages immediately. Both DAT and Truckstop have fraud reporting mechanisms. Flag messages that contain external links, request credentials, or pressure you to take action outside the platform.

    Worked Scenario: Account Takeover vs. Callback Verification

    The compromised carrier: Heartland Freight Services, MC-667291. Active on DAT for 3 years. 412 completed transactions. Verified badge. 97% on-time rate. 22 trucks. Clean FMCSA record. A legitimate, well-run carrier whose dispatcher clicked a phishing link two days ago.

    The attacker's setup: Changed the profile contact number to a VoIP line. Changed the email to a lookalike domain (heartlandfreight-svc@gmail.com vs. the real dispatch@heartlandfreightservices.com). The profile still shows the verified badge, all 412 transactions, and the 97% on-time rate.

    Broker A (relies on platform signals): Sees the load board profile. Verified badge. 412 transactions. Great reviews. MC-667291 checks out on FMCSA: active authority, clean BASICs, insurance current. Books a $185,000 load of auto parts. Sends rate confirmation to the Gmail address listed on the profile. Doesn't call the FMCSA-registered phone number because the DAT profile looked solid. The attacker re-brokers the load. An unknown carrier picks up. The freight delivers, but Heartland Freight Services never hauled it, never authorized it, and the broker has an unvetted carrier on a $185,000 load with zero insurance coverage for the truck that actually moved it.

    Broker B (runs off-platform verification): Sees the same profile. Same green lights. But before booking, pulls MC-667291 on the carrier vetting checklist, which runs authority, insurance, inspection, and contact verification in a single workflow. The FMCSA-registered phone number is (316) 555-0184. The number on the DAT profile is (469) 555-0931. Mismatch. Broker calls (316) 555-0184. Heartland's real dispatcher answers: "We haven't accepted any loads today. Our DAT account was hacked. We've been trying to get it locked." Broker reports the compromise to DAT. Fraud stopped.

    Same carrier profile. Same verified badge. Same 412 transactions. The only difference: one broker trusted the platform. The other verified outside it.

    What DAT and Truckstop Are Doing About Account Takeover

    Both platforms have responded to the account takeover threat with security improvements, though the measures are still maturing.

    Multi-factor authentication. Both DAT and Truckstop now offer MFA for carrier and broker accounts. Adoption among carriers remains low because many small carriers view it as an inconvenience. Brokers should ask carriers whether they have MFA enabled on their load board accounts, particularly for carriers handling high-value freight. A carrier without MFA on their DAT or Truckstop account is a carrier whose account is one phishing email away from compromise.

    Contact change alerts. Platforms are implementing notification systems that alert account owners when contact information (phone number, email) is changed. This reduces the window an attacker has before the real carrier notices the compromise. But alerts only work if the carrier monitors the notification channel (often their email, which may also be compromised).

    Suspicious activity detection. Platform algorithms monitor for behavior anomalies: sudden geographic shifts in load acceptance, unusual login locations, and rapid changes to account settings. These systems catch some ATO attempts but are still in early stages.

    Carrier identity re-verification. Some platforms are beginning to implement periodic identity re-verification for carrier accounts, requiring carriers to re-confirm their identity through document submission at intervals rather than just at onboarding.

    The direction is right. But until every carrier account on every platform has MFA enabled and contact change notifications active, account takeover will remain viable. Brokers cannot outsource fraud detection to the platform.

    Frequently Asked Questions

    How do scammers steal loads on DAT and Truckstop?

    The primary method in 2026 is account takeover: fraudsters compromise a legitimate carrier's load board account through phishing, then operate under the carrier's verified profile to book and steal loads. This is more effective than creating fake accounts because the compromised profile carries all of the real carrier's trust signals (verified badge, transaction history, positive reviews). The attacker changes the contact information and operates as the carrier until the compromise is discovered.

    What is load board account takeover?

    Account takeover is when a fraudster gains unauthorized access to a carrier's DAT or Truckstop login credentials, usually through phishing, and operates the account as if they were the carrier. The platform shows the carrier's verified profile, full transaction history, and trust badges. The person behind the account is not the carrier. This is different from identity theft (using a stolen MC number) because the attacker is inside a fully verified account rather than pretending to be a carrier from outside the platform.

    Can a verified carrier profile on DAT be fake?

    The profile itself is not fake. A verified badge on DAT or Truckstop means the carrier passed the platform's verification process at the time of registration. But if the carrier's account is compromised through phishing or credential theft, a fraudster operates behind that legitimate profile. The badge doesn't verify who is currently using the account. It verifies who registered it. This distinction is why off-platform verification (calling the FMCSA-registered phone number) catches fraud that platform verification misses.

    How do I protect my load board account from being hacked?

    Enable multi-factor authentication on every load board account. MFA blocks the majority of phishing-based account takeovers because a stolen password alone isn't enough to log in. Use unique passwords for DAT, Truckstop, and your TMS (never reuse passwords across platforms). Train dispatchers to recognize phishing emails that mimic load board verification requests. Monitor your account for unauthorized contact information changes.

    Why doesn't load board verification prevent fraud?

    Load board verification confirms the carrier's identity and MC number at the time of account registration. It does not continuously verify who is operating the account. Once an account is created and verified, anyone with the login credentials can use it. This structural limitation means that a compromised account passes every platform verification check because the underlying carrier is real. The fraud is in who is using the account, not whether the account is legitimate.

    How do I verify a carrier I found on a load board?

    Do not rely solely on platform trust signals (verified badges, transaction history, reviews). Pull the carrier's MC number through the MC/DOT lookup, which shows the FMCSA-registered phone number alongside authority and insurance data. Call the FMCSA-registered number and confirm the carrier accepted your load. Compare the phone number and email on the load board profile against FMCSA records. If they don't match, you may be communicating with someone who compromised the carrier's account.

    Should I stop using DAT or Truckstop because of fraud?

    No. DAT and Truckstop remain the primary marketplaces for freight matching and are used safely by thousands of brokers daily. The fraud risk is not in the platform itself but in relying on platform signals as a substitute for independent carrier verification. Brokers who combine platform searches with off-platform verification (FMCSA callback, DOT matching at pickup) use load boards profitably and safely.

    How common is load board account takeover?

    Account takeover emerged as a significant freight fraud vector in 2025, with TIA flagging it in their annual fraud advisory. Exact incident counts are difficult to establish because many compromises are resolved between the carrier and the platform without public reporting. Based on carrier reports to industry groups and load board fraud disclosures, ATO incidents are growing at a pace that exceeds the growth of traditional identity-based load board fraud. The trajectory mirrors what the financial services industry experienced when account takeover overtook identity fraud in digital banking.

    Bottom Line

    The broker who booked the $220,000 pharmaceutical load did everything platform-level fraud prevention recommends. Checked the verified badge. Reviewed the transaction history. Confirmed the MC number. Booked from an 18-month-old account with 340 completed loads. Every platform signal said this carrier was trustworthy. The platform was right about the carrier. It was wrong about who was behind the keyboard.

    Account takeover turns the platform's own trust architecture into the attack vector. The only verification that survives it is the one that goes outside the platform: a 30-second call to the FMCSA-registered phone number that no amount of phishing, credential theft, or account manipulation can change. The next time a verified profile with a strong history accepts your load, make the call anyway. Especially then.

    More Articles

    Your Carrier Vetting Was Perfect. The Freight Still Got Stolen at the Dock.

    Fraud Prevention · 13 min read

    You Verified the MC Number. You Didn't Verify the Person. That's Where Identity Fraud Gets In.

    Fraud Prevention · 14 min read

    You Paid the Invoice. The Carrier Never Got the Money. How Payment Fraud Hits Freight Brokers.

    Fraud Prevention · 14 min read

    Back to all articles