The Call Sounds Normal. The Dispatcher Isn't Real. How Voice Phishing Steals Freight.

The call lasts four minutes. A dispatcher from what appears to be a legitimate carrier calls your brokerage about a load you posted 20 minutes ago. They reference the correct lane, the correct pickup time, and the correct commodity. They give you an MC number that checks out: active authority, valid insurance, Satisfactory safety rating. They confirm a rate slightly below the next best quote. They ask you to send the rate confirmation to a Gmail address because "our company email is being migrated." You send it. A truck shows up at the shipper's dock the next morning with the right reference number. It picks up 42,000 pounds of electronics and drives away. The real carrier whose MC number was used has no idea any of this happened. Your freight is gone.

That's voice phishing in freight. Vishing is a social engineering attack where a scammer impersonates a legitimate dispatcher or carrier representative over the phone to steal loads. It has become the fastest-growing fraud vector in the US freight industry because it bypasses every digital verification tool brokers use. The carrier's MC number is real. The authority is active. The insurance is valid. The only thing that's fake is the person on the phone, and most brokerages have no systematic process for verifying that.

This post reverse-engineers exactly how these calls work, the four psychological triggers fake dispatchers use to prevent you from verifying their identity, the specific phrases that signal a vishing attempt, and the 60-second verification protocol that stops the attack without slowing down legitimate carrier interactions.

How Voice Phishing Works in the Freight Industry

Voice phishing in freight follows a five-stage sequence designed to exploit the speed at which brokerage operations move. The entire attack takes less than 10 minutes and targets the gap between rate negotiation and load tender where verification feels like a bottleneck.

Stage 1: Reconnaissance. The scammer monitors public load boards (DAT, Truckstop, Loadsmart) for posted loads. They note the origin, destination, commodity, pickup date, and broker contact information. Some operations use automated scrapers that pull load postings in real time and route them to a call center.

Stage 2: Identity selection. The scammer selects a legitimate carrier whose MC number, authority status, and insurance will pass a standard vetting check. They specifically choose carriers that operate in the correct region for the load so the geographic profile doesn't raise flags. Many scammers maintain lists of 50-100 carrier identities they rotate through, discarding each one after a few successful thefts before the real carrier reports the misuse.

Stage 3: The call. The scammer calls the broker and identifies themselves as a dispatcher from the selected carrier. They reference the specific load by details scraped from the board. The call feels normal because the scammer knows exactly what a legitimate carrier call sounds like. They use industry terminology correctly. They negotiate rate within a reasonable range. They confirm equipment type and availability. Nothing about the conversation triggers suspicion because the conversation is designed around what brokers expect to hear.

Stage 4: The redirect. The scammer provides the legitimate carrier's MC and DOT numbers for verification but redirects communication to channels they control. This is where the attack diverges from legitimate operations: they provide a personal email address for the rate confirmation, a different phone number "for the driver," or a fax number that routes to a digital service. The email redirect is the single most common tell, and it's the one most brokerages don't have a policy against.

Stage 5: The pickup. Within 12-24 hours, a truck arrives at the shipper's dock with the correct reference number and pickup details from the rate confirmation. The truck may be rented, may have temporary or obscured DOT markings, or may belong to a different carrier entirely. The driver presents a BOL matching the load details. The shipper releases the freight. The scammer disappears.

The Four Psychological Triggers Fake Dispatchers Use

Fake dispatchers succeed because they exploit four specific psychological patterns that exist in every fast-paced brokerage operation. Understanding these triggers is the first step to building immunity against them.

Trigger 1: Time Pressure

Every brokerage operates under time pressure. Loads need to move. Shippers have pickup windows. Carriers have repositioning deadlines. Scammers know this and weaponize it. "My truck is 30 miles from the shipper right now" is not a statement of fact. It's a pressure lever designed to make you skip the verification step that would catch the fraud.

The tell: legitimate dispatchers also mention truck proximity, but they don't become impatient or evasive when you say "Great, let me verify your MC and call you back in five minutes." A scammer will push back on that pause because the pause is where their attack fails.

Trigger 2: Authority Matching

Scammers mirror the language and behavior patterns of legitimate dispatchers so precisely that the conversation feels routine. They know what questions brokers ask and have answers prepared. They know the cadence of rate negotiation. They drop details about "their" fleet ("we run 200 trucks, mostly reefer, based out of Memphis") that match the real carrier's FMCSA registration.

The tell: the details are sometimes too perfect. A real dispatcher might not know their exact fleet count or might round it differently than what's on file. A scammer rehearses the FMCSA data because it's their script.

Trigger 3: Anchoring on Verified Data

By providing a real MC number that passes every check, the scammer anchors your trust on data that is genuinely accurate. The authority is real. The insurance is real. The safety rating is real. Your brain registers "verified" and stops looking for problems because the verification system you trust just told you everything is fine.

The tell: the data verifies the carrier, not the person on the phone. This distinction is the entire vulnerability. Use CarrierBrief's carrier search to pull the registered phone number and contact details for the MC provided, then compare those against what the caller gave you. A mismatch between the caller's contact information and the FMCSA-registered contact information is the highest-confidence signal of a vishing attempt.

Trigger 4: Social Cost of Suspicion

Questioning a legitimate carrier's identity feels rude. Brokers worry about offending a real dispatcher, losing the truck, or developing a reputation for being difficult to work with. Scammers exploit this by reacting with mild offense when questioned: "I've been dispatching for 15 years, I've never had a broker question my identity before." That reaction is engineered to make you back off.

The tell: legitimate dispatchers understand why brokers verify. The industry has a fraud problem and everyone in it knows it. A dispatcher who reacts badly to a standard verification step is either a scammer or someone you don't want to work with anyway.

What Fake Dispatchers Actually Say: The Script Patterns

Vishing calls in freight follow recognizable script patterns. These are the phrases and conversational moves that appear across multiple documented incidents. Hearing one of these is not proof of fraud, but hearing two or more in the same call should trigger your verification protocol.

"Send the rate con to this email, our system is down." This is the single most common redirect technique. The email will be a free provider (Gmail, Yahoo, Outlook, ProtonMail) or a lookalike domain (e.g., swifttransportation.gmail.com instead of the real corporate domain). No legitimate carrier's email system is "down" often enough for this to be a normal request.

"My driver is already in the area, he can pick up today." Designed to create urgency and compress the time window for verification. Legitimate carriers do have nearby trucks, but they don't use proximity as a reason to skip standard booking procedures.

"We just switched dispatching software so our old number might show different." Pre-emptive explanation for why the phone number doesn't match the carrier's FMCSA registration. This explanation is almost never true. Carriers change dispatching software; they don't change the phone number on their FMCSA registration because of it.

"Can you send the BOL and pickup number so my driver knows where to go?" Requesting shipper facility details and reference numbers before the rate confirmation is signed. A legitimate dispatcher needs this information, but the timing matters. If they're asking for dock details before you've verified anything, they're building the toolkit for the pickup while you're still deciding whether to book.

"I don't have the MC number on me, but you can look us up by our name." Designed to slow down verification while maintaining the appearance of transparency. A dispatcher who can't provide their own MC number instantly is either new (verify) or not who they claim to be.

The 60-Second Verification Protocol That Stops Vishing

This protocol adds approximately 60 seconds to the booking process and catches the vast majority of vishing attempts. It works because it verifies the person, not just the carrier.

1. Record the inbound caller's phone number, the name they provide, and the MC number they give you.
2. Look up the MC number in FMCSA data (or use CarrierBrief's MC/DOT lookup tool, which shows the registered phone number, address, and contact details for any MC) and note the registered phone number.
3. Compare the caller's phone number against the carrier's FMCSA-registered phone number. If they don't match, proceed to step 4. If they match, proceed to step 5.
4. Call the carrier's FMCSA-registered phone number independently (not the number the caller gave you) and ask to speak with the dispatcher who just called you about the load. If nobody at the registered number knows about the call, you've identified a vishing attempt. Do not proceed.
5. Verify the email address provided for the rate confirmation matches the carrier's corporate domain. If the email is a free provider or a lookalike domain, ask for a corporate email. If they can't provide one, do not send the rate confirmation.
6. Send the rate confirmation only after steps 1-5 are complete. Never send a rate confirmation, BOL, or pickup details to an unverified contact.

This protocol is fast enough that it doesn't materially slow down legitimate bookings. A real dispatcher will give you 60 seconds. A scammer can't survive it.

Why Load Boards Are the Primary Attack Surface

Load boards are the entry point for most freight vishing attacks because they provide scammers with everything they need: load details, broker contact information, and real-time availability.

Public load postings broadcast the origin, destination, pickup date, commodity type, and broker name to anyone with a load board subscription. That's the full reconnaissance package. A scammer doesn't need to hack anything or buy stolen data. They just need a load board login, which costs as little as $40/month, and the ability to read a posting and make a phone call.

Think about that cost asymmetry. A brokerage might spend $500-$2,000/month on carrier vetting tools, fraud prevention services, and compliance staff. The scammer targeting that same brokerage needs a $40 load board subscription, a $10/month VoIP number, and a list of MC numbers copied from FMCSA's free public database. The total cost of launching a vishing operation is under $100/month. The tools that brokers use to prevent fraud cost 10-20x more than the tools scammers use to commit it. That asymmetry is why vishing is growing faster than any other freight fraud vector: the barrier to entry is essentially zero.

Every load you post is simultaneously visible to legitimate carriers and to scammers scanning for targets. The scammer sees the same posting the carrier does and calls you with the same information the carrier would have. The posting itself is the attack surface.

The mitigation isn't to stop posting loads. It's to recognize that any inbound call referencing a posted load requires identity verification by default, because the information in the call proves nothing about who the caller is. Our guide to load board fraud and fake carriers covers the broader load board attack surface in detail.

The Email Domain Check That Catches Most Attempts

If you implement only one anti-vishing measure, make it an email domain policy. Reject rate confirmations sent to free email providers (Gmail, Yahoo, Outlook, Hotmail, ProtonMail, iCloud) and require a corporate domain that matches the carrier's legal name or DBA.

This single rule catches the majority of vishing attempts because scammers almost never control the real carrier's email domain. Brokerages that have implemented email domain policies report that free-provider email addresses are present in nearly every confirmed vishing incident they've documented, making the email check the highest-yield single filter available. They can clone an MC number, memorize fleet details, and rehearse dispatcher scripts, but they can't receive email at @swifttransportation.com because they don't own that domain.

The objection brokers raise: "Some small carriers really do use Gmail." That's true. Some owner-operators and micro fleets use personal email for business. But a carrier using Gmail who also has a different phone number than their FMCSA registration, contacted you about a load you posted 20 minutes ago, and is pushing for an immediate tender is not a small carrier with a casual email setup. They're a scammer who doesn't have access to a corporate domain.

For small carriers with personal email addresses, the verification protocol in the previous section resolves the ambiguity: call the FMCSA-registered number, confirm the dispatcher, then proceed. The email flag isn't an automatic rejection. It's a trigger for the phone verification step.

When the Registered Phone Number Is Also Compromised

In rare but documented cases, sophisticated fraud operations have compromised the carrier's registered phone number itself, either by filing a fraudulent MCS-150 update to change the number in FMCSA records or by setting up call forwarding on the carrier's line. If the scammer controls the number you're calling back, the callback test passes even though the person on the phone is a fraud.

This is uncommon. The vast majority of vishing attacks rely on the assumption that you won't call the registered number at all, not that you'll call and they'll have intercepted it. But if you're booking a high-value load (over $100,000) or something about the callback feels off, add a secondary verification step:

1. Ask the person who answers a question that only the real carrier's office could answer: the name of their safety director, their terminal city, or the name of a specific shipper they haul for regularly. A scammer who filed a fraudulent MCS-150 won't know the carrier's internal operations.
2. Cross-reference the registered phone number against a second source: the carrier's website, a previous rate confirmation from a prior load with that carrier, or the phone number listed by the carrier's insurance company on the FMCSA insurance filing.
3. Check the carrier's MCS-150 filing date. If the filing date is within the last 60 days and the phone number is different from what was previously on file, treat it as a flag and verify through the secondary source before proceeding.

This edge case doesn't invalidate the callback protocol. It adds a second layer for loads where the stakes justify the extra 2 minutes. For the other 95% of bookings, the standard callback remains the single most effective anti-vishing control available.

What to Do When You Catch a Vishing Attempt

When you identify a vishing attempt, your response in the next 30 minutes determines whether the scammer succeeds with another brokerage that same day.

1. Do not confront the caller. Scammers who realize they've been caught will immediately move to the next target. Let the call end naturally.
2. Document everything: the caller's phone number, the name they used, the MC number they provided, the email address they gave, and the timestamp of the call.
3. Call the real carrier at their FMCSA-registered number and inform them that their MC number is being used fraudulently. They need to know because they may be getting used on multiple loads simultaneously.
4. Report the incident to the Federal Motor Carrier Safety Administration (FMCSA) through the complaint filing process. Include the phone number and MC number used.
5. Share the caller's phone number and the fraudulent MC usage with your carrier vetting team and any broker networks you participate in. Scammers reuse phone numbers across multiple attempts.
6. Alert the shipper for the specific load that was targeted. If the scammer has the pickup details (which they do if you posted on a load board), they may attempt to send a truck to the dock anyway using information from the posting.

A Side-by-Side: Legitimate Call vs. Vishing Call

Here's how the same load inquiry sounds from a real dispatcher versus a scammer, based on patterns documented across multiple incidents.

The setup: You posted a dry van load, Dallas to Atlanta, 780 miles, pickup tomorrow morning.

Legitimate dispatcher call:

"Hey, this is Mike at Redline Transport, MC-445920. We've got a truck that's dropping in Fort Worth this evening and your Dallas load works for a reload. What's the rate on that? ... $2.45? We can do $2.35, truck's gotta move regardless. ... Yeah, send the rate con to mike@redlinetransport.com, I'll get it signed back to you within the hour. ... Driver's name is Carlos, he'll be there at the dock by 7 AM, I'll send you his cell."

Vishing call:

"Hi, I'm calling from Redline Transport about your Dallas-Atlanta load. We can have a truck there first thing tomorrow, we're running that lane regularly. MC is 445920. ... Rate? We can do $2.10, we really need that backhaul. ... Can you send the rate con to redline.dispatch.mike@gmail.com? We're transitioning our email system this week. ... I'll have the driver info for you by tonight, just need to confirm which truck I'm putting on it."

The differences: the scammer quotes 15% below the legitimate rate, provides a Gmail address with a plausible-sounding excuse, and delays providing driver details. None of these is proof of fraud individually. Together, they form the pattern.

FAQ

How do scammers steal freight loads by phone?

Scammers steal freight loads by calling brokers while impersonating dispatchers from legitimate carriers. They provide a real MC number that passes standard vetting checks, negotiate a rate, and receive a rate confirmation with shipper pickup details. They then send a rented or unmarked truck to the shipper's dock, present the correct reference numbers from the rate confirmation, and drive away with the freight. The real carrier whose identity was used has no knowledge of the transaction. The entire attack depends on the broker verifying the carrier's MC but not verifying the identity of the person on the phone.

How do you verify a dispatcher is real?

Call the carrier at the phone number listed on their FMCSA registration, not the number the caller provided. Ask to speak with the dispatcher who just contacted you about the load. If the registered number reaches the carrier and they confirm the call, the dispatcher is legitimate. If nobody at the registered number knows about the call, you've caught a vishing attempt. This takes 60 seconds and catches the vast majority of impersonation attacks because scammers can clone an MC number but can't redirect the carrier's registered phone line.

Can someone steal a load with just a phone call?

Yes. A single phone call providing a legitimate MC number and negotiating a rate is enough to receive a rate confirmation containing shipper name, pickup address, reference numbers, and commodity details. That information is everything needed to send a truck to the dock and pick up the freight. The shipper releases the load because the truck has the correct reference numbers and the BOL matches. No hacking, no document forgery, and no physical break-in required. Voice phishing is the lowest-barrier entry point for cargo theft in the freight industry.

What is vishing in the freight industry?

Vishing is voice phishing: a social engineering attack conducted over the phone where a scammer impersonates a legitimate carrier dispatcher to obtain load assignments fraudulently. In the freight industry, vishing specifically targets the rate negotiation and load tender process, exploiting the fact that brokers verify carrier data (MC numbers, insurance, authority) but rarely verify the identity of the person calling. It has become one of the fastest-growing fraud tactics in US freight, with incidents increasing significantly year over year.

Why do fake dispatchers use Gmail addresses?

Fake dispatchers use Gmail, Yahoo, and other free email providers because they cannot receive email at the real carrier's corporate domain. If a scammer is impersonating Swift Transportation, they can't create an @swifttransportation.com email address. So they create something like swift.dispatch@gmail.com and provide an excuse: "our email system is being migrated," "IT is switching us over this week," or "I'm working remote today." An email policy that flags free provider addresses and requires corporate domain verification catches the majority of vishing attempts, because scammers who can clone an MC number and rehearse a dispatcher script still can't receive email at the real carrier's domain.

How do I protect my brokerage from freight voice phishing?

Implement three measures: an email domain policy that flags rate confirmations sent to non-corporate email addresses, a phone verification protocol that requires calling the carrier's FMCSA-registered number for every new carrier relationship, and a load board posting policy that avoids including shipper facility names or dock addresses in public postings until after the carrier is verified. The phone verification step is the most effective single control because it directly tests whether the person claiming to represent the carrier actually works there.

Are small carriers more likely to be impersonated?

Yes, small and mid-size carriers are disproportionately targeted for identity theft because they're less likely to have monitoring in place that detects unauthorized use of their MC number. A carrier running 5 trucks might not discover their MC was used fraudulently until weeks later when a broker calls asking about a load they never heard of. Large carriers with dedicated compliance teams and fraud monitoring catch impersonation faster, making their identities less useful to scammers. This is why carrier network analysis that detects shared identifiers between active and suspicious entities is valuable for identifying which MC numbers are being actively exploited.

What should a shipper do to prevent fake pickups?

Shippers should verify the carrier and driver identity at the dock before releasing freight. Confirm the carrier's name and MC number match the broker's rate confirmation. Check the truck's DOT number against FMCSA records. Ask the driver for their CDL and verify the name matches the driver information provided by the broker. If the driver can't produce identification that matches the carrier on the rate confirmation, do not release the load and call the broker immediately. A legitimate driver will have no issue with this check. A fraudulent pickup falls apart the moment someone asks for verifiable identification.

The Bottom Line

The four-minute phone call that cost the Atlanta brokerage $187,000 in stolen electronics passed every vetting check except one: nobody called the carrier's registered phone number to confirm the dispatcher was real. That single step, 60 seconds on the phone with a number you look up yourself instead of one a stranger gives you, is the difference between booking a load and funding a theft. The 60-second verification starts with pulling the carrier's FMCSA-registered phone number. Search any MC on CarrierBrief to get it in seconds before you call back. Build it into your process. Make it non-negotiable. The call that sounds perfectly normal is the one designed to.