Security | Feb 26, 2026 | 7 min read | Akmal Paiziev

The Invisible Email Scam: How Fraudsters Blind Dispatchers and Steal Loads

Criminals mark legitimate broker load emails as spam to hide them from dispatchers. Numeo's AI detects this tactic in real time and restores visibility before any load is lost.

A freight dispatcher's inbox is the nerve center of their operation. On any given day, dozens of load offers, rate confirmations, and broker communications flow through that inbox, each representing a potential revenue opportunity. The invisible email scam exploits this reliance by turning the dispatcher's own inbox against them — silently hiding legitimate load offers in the spam folder while a criminal intercepts and accepts those same loads under the carrier's name.

This tactic is a critical component of the broader carrier identity theft ecosystem. It is particularly insidious because it requires no technical sophistication to execute once an email account has been compromised, and it can go undetected for weeks. Numeo's AI-powered platform is specifically designed to detect and neutralize this attack, alerting carriers the moment their broker communications are being suppressed.

How the Invisible Email Scam Works

The invisible email scam typically begins with a phishing attack. The fraudster sends a convincing email to a dispatcher or owner-operator, impersonating a load board, a broker, or even a government agency such as the FMCSA. The email contains a link to a fake login page that captures the dispatcher's email credentials when they attempt to sign in.

With access to the email account, the attacker sets up inbox rules — automated filters that most email platforms support — to redirect specific emails to the spam or trash folder. These rules are typically configured to target emails from high-value brokers: the companies that send the most load offers and represent the most revenue for the carrier.

From the dispatcher's perspective, the inbox simply goes quiet. They stop receiving offers from those brokers and assume that freight is slow or that the brokers are using other carriers. Meanwhile, the attacker is receiving those same emails, responding to the brokers as the legitimate carrier, and arranging fraudulent load pickups.

| Attack Phase | What the Attacker Does | What the Dispatcher Sees | Duration Before Detection |
| --- | --- | --- | --- |
| 1. Credential Theft | Phishes dispatcher's email password | Nothing unusual | Immediate |
| 2. Rule Injection | Creates inbox rules to move broker emails to spam | Inbox goes quiet from certain brokers | Days to weeks |
| 3. Load Interception | Accepts loads as the legitimate carrier | No load offers from targeted brokers | Days to weeks |
| 4. Cargo Theft | Dispatches fraudulent driver to pick up cargo | Broker calls asking where shipment is | After delivery window |

Why This Scam Is So Effective

The invisible email scam succeeds because it exploits a fundamental trust in the reliability of email. Dispatchers are trained to respond to what is in their inbox, not to question what might be missing from it. When a broker stops sending load offers, the natural assumption is a business reason — the broker found a cheaper carrier, freight volumes are down, or the broker is using a different load board.

The scam is also self-concealing. Unlike a DNS hijacking attack, which requires changes to external infrastructure that can be detected by monitoring services, inbox rule injection happens entirely within the carrier's own email account. Without an intelligent monitoring system that understands what normal communication patterns look like, there is no automated way to know that emails are being suppressed.

According to a 2025 report by FreightWaves, impersonation scams are becoming increasingly sophisticated, with criminal organizations investing in tools and techniques that make their attacks harder to detect and attribute. The invisible email scam is a prime example of this trend: it is low-tech in execution but high-impact in outcome.

The Financial Impact on Carriers

| Loss Category | Description | Estimated Impact |
| --- | --- | --- |
| Direct cargo loss | Value of stolen shipment | $50,000 – $500,000+ per incident |
| Insurance deductible | Out-of-pocket cost before insurance pays | $5,000 – $25,000 |
| Broker relationship damage | Brokers may blacklist carrier after fraud incident | Loss of recurring revenue |
| Legal costs | Defense against shipper/broker claims | $10,000 – $100,000+ |
| Operational disruption | Time spent investigating and recovering | Days to weeks of reduced productivity |
| Reputational harm | Negative reviews and word-of-mouth | Long-term revenue reduction |

Source: Industry estimates based on NICB cargo theft data (2025) and FMCSA fraud reporting guidelines.

Numeo's Intelligent Email Monitoring

Numeo's approach to the invisible email scam is grounded in behavioral analysis. Rather than simply scanning for known malware or phishing signatures, Numeo's AI builds a model of what normal communication looks like for each carrier — which brokers typically send load offers, at what frequency, and during what hours. When the system detects a significant deviation from this baseline — such as a sudden cessation of emails from a high-value broker — it flags the anomaly and alerts the carrier.
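A sketch of the baseline-deviation idea described above, as an added example that is not Numeo's code. It assumes a mailbox export of (sender domain, received time, folder) tuples; the folder names, thresholds and sample data are constructed for illustration.

```python
from datetime import datetime, timedelta
from statistics import median

HIDDEN_FOLDERS = {"junk", "spam", "trash", "deleted items"}  # assumed folder names

def find_suppressed_senders(messages, now, min_history=5, factor=3.0,
                            floor=timedelta(hours=48)):
    """messages: (sender_domain, received_at, folder) tuples from a mailbox export.

    Returns {domain: "suppressed" | "silent"} for senders whose inbox traffic
    has stopped for far longer than their usual gap between messages.
    """
    inbox, hidden = {}, {}
    for domain, received_at, folder in messages:
        bucket = hidden if folder.lower() in HIDDEN_FOLDERS else inbox
        bucket.setdefault(domain.lower(), []).append(received_at)

    findings = {}
    for domain, stamps in inbox.items():
        stamps.sort()
        if len(stamps) < min_history:
            continue  # too little history to define "normal" for this sender
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        threshold = max(timedelta(seconds=median(gaps)) * factor, floor)
        if now - stamps[-1] <= threshold:
            continue  # still within the sender's normal rhythm
        # Mail that keeps arriving, but only in Junk/Trash, points at a filter
        # rather than at the broker simply going quiet.
        rerouted = any(ts > stamps[-1] for ts in hidden.get(domain, []))
        findings[domain] = "suppressed" if rerouted else "silent"
    return findings

def daily_at_nine(domain, first_day, last_day, folder):
    """Constructed sample traffic: one message per day at 09:00 in March 2026."""
    return [(domain, datetime(2026, 3, d, 9, 0), folder)
            for d in range(first_day, last_day + 1)]

SAMPLE_MESSAGES = (
    daily_at_nine("broker-a.example", 1, 7, "Inbox")
    + daily_at_nine("broker-a.example", 8, 10, "Junk")   # rerouted after day 7
    + daily_at_nine("broker-b.example", 1, 10, "Inbox")  # healthy
    + daily_at_nine("broker-c.example", 1, 6, "Inbox")   # stopped, cause unknown
    + daily_at_nine("newsletter.example", 9, 10, "Inbox")  # too little history
)

if __name__ == "__main__":
    now = datetime(2026, 3, 11, 9, 0)
    for domain, status in find_suppressed_senders(SAMPLE_MESSAGES, now).items():
        print(domain, status)
```

A "silent" result still deserves a look: a rule that deletes mail outright leaves nothing in Junk or Trash to compare against.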

This behavioral approach is critical because inbox rules are not inherently malicious. Every email platform supports them, and legitimate users create them all the time to organize their inboxes. What makes an inbox rule suspicious is the context: a rule that moves emails from a major broker to the spam folder, created at 2 AM on a Sunday, is very different from a rule that organizes newsletters into a separate folder.
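The context test from the paragraph above, as an added example that is not Numeo's code: a rule is reported only when it hides mail from a known broker, and an off-hours creation time raises its score. The rule fields (name, created, from_contains, action), the action names and the sample rules are hypothetical stand-ins for whatever a mail platform's rule export provides.

```python
from datetime import datetime

HIDING_ACTIONS = {"move_to_junk", "move_to_trash", "delete"}  # assumed action names

def audit_inbox_rules(rules, broker_domains, work_hours=(6, 20)):
    """Return (rule name, score, reasons) for rules that hide broker mail,
    highest score first. Score 2 = hides broker mail, 3 = also created off-hours."""
    findings = []
    for rule in rules:
        patterns = [p.lower() for p in rule["from_contains"]]
        brokers = sorted(d for d in broker_domains
                         if any(d.lower() in p for p in patterns))
        if rule["action"] not in HIDING_ACTIONS or not brokers:
            continue  # filing newsletters into a folder is ordinary housekeeping
        score = 2
        reasons = [f"{rule['action']} applied to mail from {', '.join(brokers)}"]
        created = rule["created"]
        weekend = created.weekday() >= 5
        night = not work_hours[0] <= created.hour < work_hours[1]
        if weekend or night:
            score += 1
            reasons.append(f"created off-hours ({created:%a %H:%M})")
        findings.append((rule["name"], score, reasons))
    return sorted(findings, key=lambda f: -f[1])

# Constructed sample rules and broker list.
KNOWN_BROKERS = {"bigbroker.example", "otherbroker.example"}
SAMPLE_RULES = [
    {"name": "Newsletters", "created": datetime(2026, 2, 10, 10, 15),
     "from_contains": ["news@weekly-digest.example"], "action": "move_to_folder"},
    {"name": "cleanup", "created": datetime(2026, 2, 11, 14, 0),
     "from_contains": ["dispatch@otherbroker.example"], "action": "delete"},
    {"name": "filter 1", "created": datetime(2026, 2, 15, 2, 4),  # Sunday, 02:04
     "from_contains": ["@bigbroker.example"], "action": "move_to_junk"},
]

if __name__ == "__main__":
    for name, score, reasons in audit_inbox_rules(SAMPLE_RULES, KNOWN_BROKERS):
        print(f"[{score}] {name}: " + "; ".join(reasons))
```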

Numeo's system also works in conjunction with its DNS monitoring service. If an attacker has both compromised the carrier's email account and altered their DNS records, Numeo will detect both attack vectors simultaneously, providing a comprehensive picture of the breach and enabling a faster, more complete response.

A Dispatcher's Security Checklist

| Security Practice | Why It Matters | How to Implement |
| --- | --- | --- |
| Use a unique, strong password for email | Prevents credential stuffing attacks | Use a password manager (e.g., Bitwarden, 1Password) |
| Enable 2FA on email account | Blocks access even if password is stolen | Use an authenticator app, not SMS |
| Review inbox rules monthly | Catches malicious rules before they cause damage | Check Settings > Rules/Filters in your email client |
| Verify sender before clicking links | Prevents phishing credential theft | Hover over links to see the real URL before clicking |
| Use Numeo's email monitoring | Detects suppressed emails automatically | Available on Numeo's free Lite tier |

Frequently Asked Questions

How can I tell if my inbox has been compromised by this scam?

The most common signs are: brokers you regularly work with suddenly stop sending load offers; a broker calls to say they sent you a load offer that you never received; or you notice inbox rules in your email settings that you did not create. Numeo's monitoring service will alert you automatically if it detects that emails from known brokers are being suppressed.

Does Numeo monitor my email content?

Numeo analyzes communication patterns — such as which senders you typically receive emails from and at what frequency — rather than reading the content of individual emails. This behavioral analysis approach allows Numeo to detect anomalies without compromising the privacy of your business communications.

What should I do if I find unauthorized inbox rules?

Delete the rules immediately, then change your email account password and enable two-factor authentication. Review your sent folder for any emails you did not send, and contact any brokers whose emails were being suppressed to inform them of the situation. Report the incident to the FMCSA and your insurance provider.

References

1. FreightWaves — Impersonation Attacks Are Here To Stay (Sep 2025)

2. FMCSA — New Phishing Scheme Targets Motor Carriers

3. NICB — Warns of Increased Cargo Theft in 2025

4. OOIDA — Truckers Report Email Scam Aimed at Hijacking Authority

5. Proofpoint — Cybercriminals Targeting Trucking and Logistics