The Transported Asset Protection Association is warning the industry about a new cargo theft method that does not rely on fake companies or stolen identities. Instead, it works by placing operatives inside legitimate trucking companies and using normal operations to move freight into position before it is taken. The group is calling this the “Trojan Driver Scam,” and it shows how theft is shifting into everyday activity instead of trying to break into it.
At a basic level, the approach is direct. Theft ring operatives get hired as drivers at real, fully vetted trucking companies. If they pass the hiring process, they run loads like any other driver. Nothing stands out during this stage because the goal is not to act right away. The goal is to gain access. Over time, that access puts them in position to be assigned a high-value load.
How the Trojan Driver model works
Once the right load is assigned, the process moves to the next step. According to TAPA, the driver is told to park the loaded truck at a set location during what looks like a normal break. During that stop, the driver is not present and a separate crew removes the freight. That detail is important because it makes the situation look like a routine theft, with the driver appearing to be a victim instead of part of the plan.
From there, the outcome follows a pattern. The trucking company terminates the driver for breaking protocol, which is exactly what would normally happen. In this case, that step is expected. Once removed, the operative moves on to another trucking company and repeats the process. TAPA describes this as a six-step model, which shows that this is not random. It is structured and repeatable.
TAPA outlines the Trojan Driver Scam as a six-step process:
- Theft ring operatives secure driver positions with legitimate, fully vetted trucking companies
- After passing hiring checks, they operate normally until assigned a high-target load
- On instruction, the driver parks the loaded truck at a predetermined location during a routine break
- A separate crew removes the freight while the driver is absent, making it appear opportunistic
- The trucking company terminates the driver for violating protocol, as expected
- The operative moves to another trucking company and repeats the cycle
This structure is what makes the model effective. It moves through normal operations without raising concern and resets itself after each event.
Why this is different
“This represents a dangerous evolution in cargo theft tactics,” said Scott Cornell, who first identified the scheme. “Criminal networks are no longer just creating fake companies they’re infiltrating real ones.” He explained that the strength of this approach comes from how it uses trust that already exists in the industry. A trucking company can have clean authority, strong reviews, and a good history, and still be part of a theft without knowing it because the problem is already inside the operation.
The warning comes at a time when cargo theft is already rising. Data from Verisk’s CargoNet shows 3,594 theft incidents last year, with an estimated $725 million in losses. Strategic theft methods, including double brokering and motor carrier number fraud, made up 1,839 of those incidents in 2025. TAPA noted that these numbers only reflect part of the problem because reporting is voluntary, which means the real total is likely higher.
“Cargo thieves are constantly pressure testing new methods, and we have already seen multiple instances of this tactic being deployed,” Cornell said. He added that while the industry has made progress, criminal groups are moving faster and adapting quickly. He stressed that better coordination across the industry is needed because these groups operate in organized networks.
What the industry needs to do next
Cindy Rosen said that dealing with threats like this requires a more consistent approach across the supply chain. “The industry can no longer combat sophisticated organized crime with fragmented, inconsistent approaches,” she said. She pointed to TAPA’s role in bringing different parts of the industry together and highlighted its security standards for facilities, trucking companies, and freight brokers as tools to help reduce risk.
TAPA is also recommending practical steps. One key move is for trucking companies to run thorough background checks and for brokers to work with their partners to require drivers to be with a company for six months to a year before handling high-value loads. This adds time and makes it harder for operatives to move quickly between companies.
Rosen described the warning as a reset point for how risk is viewed. “The Trojan Driver Scam is a wake-up call,” she said. “It reminds us that the industry needs to constantly reassess our assumptions about where vulnerabilities exist.” She added that supply chains are only as strong as their weakest link, which is exactly what this model is designed to target.
The key takeaway is that this approach does not break the process at the start. It moves through it. By the time the load is in motion, the conditions for theft are already in place, and the situation looks normal until the outcome is clear.
Click here for more articles on cargo theft and freight fraud by Phillip Brink.
The post Trojan Driver scam infiltrates legitimate trucking companies appeared first on FreightWaves.
