Inside the fight against cyber crime in brokered-freight networks, with DAT's Jeff Hopper

user-gravatar Headshot
Updated Sep 18, 2023


For this edition of Overdrive Radio, DAT Freight and Analytics' Chief Marketing Officer Jeff Hopper speaks to the undeniable spike in double brokering, in identity theft and hop-in, hop-out "take the money and run" and schemes executed by a variety of dishonest players inside brokered-freight networks. The spike, which really took off last year, has led to a doubling of staff in DAT’s compliance department as well as a host of other in-process security enhancements there, some of which were previously detailed here in Overdrive in July. 

DAT's not alone, of course -- competitors and other service providers have been doing similar things when it comes ID’ing the various types of “bad behavior” and working with the good guys out there to put a stop to it where possible, in no small part thanks to the efforts of a myriad of small business truckers to raise the temperature around the issue of double brokering and other fraud.

Howes logoOverdrive Radio's sponsor is Howes, longtime provider of fuel treatments like its Howes Diesel Treat anti-gel and all-weather Diesel Defender, among other products.Among those is Matthew Patrick, with GMH Transportation. Regular readers may recall his two-part "The double-brokering slow burn" published here a couple weeks back: The two-parter outlined a year and more’s worth of efforts to identify bad actors and get them removed from the platforms where they ply their "trade" -- that'd be freight platforms of all sorts.  

DAT’s Jeff Hopper, in this week's podcast, called it all organized "cyber crime," really. Take a listen: 

Also in the podcast: 
A particular double brokering case that Patrick sent along early last week as we were getting ready to talk to Hopper. The case involved three different examples in which different brokers' loads were attempted to be double-brokered by a single entity, the “Cheetah Import and Export” company, originally registered as a broker in New York, now with an Ohio address. Unlike a lot of double-brokered loads Patrick has seen, in which carriers are ultimately paid (though at rates below what the original broker offered), with these loads the second broker offered considerably more to move the load than the original brokers, suggestive for Patrick of a company in what he calls the “take the money and run” phase of a double broker’s evolution, with no intent to pay carriers at all. 

[Related: A 'hit it and move on' broker scam -- and more loopholes].

You know the curve of such stories if you’ve read Overdrive over years now -- run up as much in revenue as you can, stiff all the carriers, and disappear into the ether when the bond is canceled and authority revoked: As I noted in prior reporting, part of our Broker Reforms series published early in 2020, bad actors executing such a scheme exploit the time lags in current notification requirements of surety providers and the Federal Motor Carrier Safety Association to run up as much business as they can before brokerage authority is revoked over valid claims from unpaid owner-operators and fleets. The "immediate suspension" part of this year's brokerage/surety-related rules-change proposals might go far to eliminate such time lags. 

Overdrive Radio logoSubscribe to the podcast on your listening platform of choice for early access to the weekly Overdrive Radio series -- it drops typically every Friday to the feed and follows here at OverdriveOnline.com and in Overdrive's Youtube and Facebook feeds the following week. You can subscribe for first access via Apple and Google podcasts, Spotify, TuneIn, most anywhere you listen.Over the course of the days leading up to September 1, when this week's podcast first aired for subscribers via listening platforms, the Cheetah broker’s bond company appeared to have notified the FMCSA of an impending cancellation -- a bond that was effective starting just in early August this year is now set to cancel September 29, flagged in FMCSA’s Licensing and Insurance public portal as such.

Contacted the morning of Friday, September 1, the bond provider noted five claims against the bond. Attempts to contact the broker by phone for comment yielded only a day’s-long busy signal. Email then sent to the entity's primary contact (an @gmail.com address) laid out all of these details and asked if the company planned to respond to claims on the bond. That gleaned just a short response in an unsigned return email from a rep with the display name "Gevork Sulian": “What are you talking about? What happened? We are 1 year in this industry and never had a problem with our carriers.”

Cheetah Import and ExportThe pending cancellation notice on the broker's detail page in FMCSA's Licensing and Insurance public portal.

Given claims and the pending cancellation notice, I suggested in a reply that the broker contact its bond provider if the company intended to remain in business, Sulian responded this way: 

"We don't have any issue or problems with our Bond, and maybe the web was not updated and that's why there is showing some notes." 

As far as Matt Patrick could tell on Friday, despite Patrick's double-brokering complaints to DAT about this particular company, it was still able to post loads on the board. DAT reps, including Hopper in the podcast, assured that that they investigate all complaints but declined to speak directly about individual customers' accounts.

Be forewarned if you run across a company posting excessively high rate offers. If it looks too good to be true, you'd do best to keep your skepticism high. Scams abound, as Jeff Hopper further emphasized in today’s podcast.

[Related: DOT IG flags ongoing investigations around double brokering, other fraud]

Transcript

Jeff Hopper: Fall of last year, it was running in the range of four times more various forms of bad behavior than we'd ever seen.

Todd Dills: The voice you heard just up top there is that of DAT Freight and Analytics Chief Marketing Officer Jeff Hopper, who's been with the company now for decades and who was making reference to an undeniable spike in double brokering, in identity theft and hop in, hop out, take the money and run schemes and more, that has led to a doubling of staff in DAT's compliance department as well as a host of other in-process security enhancements. There they are not alone, of course. Competitors at truckstop have been doing similar things when it comes to IDing the various types of "bad behavior" out there and working with the good guys out there to put a stop to it where possible. In a small part thanks to those efforts of a myriad of small business truckers to raise the temperature around the issue of double brokering and other fraud.

Among those is Matthew Patrick with GMH Transportation in Vermont.

Regular readers may recall his two-part story, “The Double Brokering Slow Burn,” at overdriveonline.com a couple of weeks back now, outlining a year and more’s worth of efforts undertaken to identify some of the bad actors, and take action to get them removed from the platform’s where they apply their quote unquote “trade.”

DAT's Jeff Hopper, in today's episode of Overdrive Radio, called it veritable organized cyber crime, really. I'm Todd Dills, and before we get into my talk with Hopper featured on this episode, I want to get to very particular case that Matt Patrick sent to me earlier this week at about the same time I was getting ready to talk to Hopper. Case involved two different examples in which two different brokers loads were attempted to be double brokered by a single entity, the "Cheetah import and export” broker, MC number 1477261. What stood out to Patrick was that in each double brokered load case, Cheetah offered considerably more to move the load than what the original brokers offered the carrier.

Suggestive of a company in what Patrick calls the "take the money and run" phase of a double broker’s evolution. You know the story if you've read Overdrive over years now. Run up as much revenue as you can, stiff all the carriers and disappear into the ether when the surety bond is canceled due to claims. Over the course of the last few days, it does look like the broker's bond company has notified the feds of impending cancellation. A bond that was effective starting in early August is now set to cancel September 29th, flagged in FMCSA's licensing and insurance public portal As such. I called the bond company this morning who noted five claims for nonpayment already, the largest of the claims for $5,000. I tried to call Cheetah Import and Export for comment only to get a days long busy signal over the phone. Sent email to their primary email contact, laying out all these details and asking if the company planned to respond to the surety's claims. That gleaned only a short response and an unsigned returned email from the rep with the display name “Gevork Sulian”:  

"What are you talking about? What happened? We are one year in this industry and never had a problem with our carriers."

Be that as it may, Matt Patrick reported the double brokering activity to DAT at the same time he notified me about it, too. As far as Patrick knows, despite having filed complaints against this particular company, they're still able to post loads on DAT as of Friday, September 1st. I do have assurances from the load board that they are investigating all complaints, but be forewarned if this company comes calling to you, or you run across any company’s overly high rates on the board.

Scams abound, as Jeff Hopper further emphasizes in today's edition of Overdrive Radio, posting to the feed Friday, September 1st and going live overdrive online.com/overdrive-radio on Monday, Labor Day, September 4th. On the other side of a break, then, Hopper on what he feels is new investigative prioritization being put on transportation cyber crime of all stripes at the very highest levels of law enforcement, in fact. Keep tuned.

Speaker 3: Want a squeaky clean fuel system for your diesel? Today's your lucky day. Use Howes Diesel Defender with IDX4, the strongest most effective cleaning agent you can find in a fuel additive. Destroy the toughest carbon, deposits and clean your entire fuel system in just three treatments with Howes Diesel Defender. A clean fuel system means optimal performance, and increasing your fuel economy by 5% or more. Guaranteed. Howes Diesel Defender. For every diesel.

Todd Dills: That's H-O-W-E-S, howesproducts.com. And here's Jeff Hopper laying the groundwork for the recent surge in fraud all around freight networks.

Jeff Hopper: And we are by no means new to this double brokering and policing the network on a variety of topics, whether it's cargo theft or double brokering or lack of payments. We have a very large network and we do a couple million loads a day, so you can imagine what that size and we do about 240,000 transactions a minute on our platform. So in there is a lot of activity, and in there has always been, for 45 years we've been doing this, a need to intervene in helping making sure the behaviors on our network are appropriate. So we've been at this a long time. We've won awards for stopping criminals stealing freight or a number of different things with the FBI and other associations over time, but you're right in that... We've always been on top of that, and responding to all the issues and needs and things going on on a constant basis.

And then about a year ago, maybe a little more, as the freight cycle went down, the prices... So the war in Ukraine, et cetera, just everything started to go haywire. And that's typically what triggers some of these bad behaviors from some folks. It started to spike up, and then by fall of last year it was running in the range of four times more various forms of bad behavior than we'd ever seen. And so that was when it was like, what the hell is going on? And so we were battling it, battling it, and then step back and fundamentally try to understand what's causing all these issues. And I'll tell you, now in hindsight, after all this work that we've done, it's really cyber crime. And cyber crime can exhibit itself in double brokering. It's usually the point of it. But the difference is they are using cyber criminal tactics to introduce themselves without permission into freight transactions, whether it be by phishing logins accounts and introducing themselves in or getting MC numbers that are here today, gone tomorrow, and introducing themselves and then taking loads, then double brokering them.

But then either keeping the money between the legitimate broker and carrier, et cetera. There's so many schemes, there's hundreds, literally hundreds of schemes that people use. Very often, they're operators from outside of the US. They're not even in our industry. And I would say that's one key takeaway, Todd, is that we often think about, gosh, if we could just get that bad broker or carrier that's in the industry, some American person who's maybe been in trucking, been in brokerage for a while, and now they turn bad, that just doesn't happen that much. They don't last long in this industry, if you can't be trusted. We're talking about criminals. Pullout, some of them... There is arms that operate in the United States. There's the famous Armenian connection down in Bakersfield and whatnot, the 818. So that's been going on for quite some time. We do everything we can to keep them out of our network, but there's a lot of networks.

And so this is by no means a DAT problem. Every load board, every platform in our industry has seen this onslaught, that we hadn't seen at the same levels previously. So if you look at financial services and other industries, they've been riddled with this for years. And now some of these cyber criminals have seen the opportunity in the supply chain space and transportation industry, freight and logistics coming in and saying, "Hmm, looks like there's some ways to make some quick money here." But when you step back and look at fraud at the macro level, and we've done this with the FBI, it's pervasive everywhere. It's pervasive in each of our individual lives. I can't tell you today how many emails and text messages I've got that I can't click, because someone's trying to phish me. And that's what we're talking about-

And so what's happening is our users will click something and then they get their logins compromised, and one of these cyber criminals go, "Okay, got one on the hook," and they go and they commit fraud. That's really what's happening in the world today, in the majority of it. And then there's some bad players that are in tough times and they're trying to take advantage of the systems, but what you see is the most egregious fraud that's being committed are usually cyber criminal organizations and sometimes it's like... We've been working very closely with the FBI and so they've been really invaluable to help us understand what's really going on out there. The good news is they're on top of this, and so the country of Nigeria is one of the biggest ones that I didn't even know. We know Armenia and Russia and a number of those kinds of countries that-

Todd Dills: Those are the longstanding-

Jeff Hopper: Longstanding-

Todd Dills: They're in freight.

Jeff Hopper: Exactly. We know those countries and now it's Nigeria. Yeah, it's like the whole country has kind of mobilized as a business almost to do cyber crime. And it's almost state sponsored, to some extent, because it's allowed to happen. And the good news is our law enforcement, federal law enforcement agencies... I'm working with a gentleman from the FBI here in Portland, and he spent months over in Nigeria trying to shut some of this stuff down. Again, it's across multiple industries though. So the other good news is that the FBI cyber crime units that are... There's like 56 different operating offices in the United States, they are all focused... So they show this map of all the industries and all the fraud and cyber crime that's happening in all of them. So it's pretty pervasive. So they have to prioritize. And so they've prioritize three industries to really focus on for the sake of our national security and that's defense.

So you can imagine they've got to make sure that cyber criminals aren't able to hack into defense companies, energy, so our energy grid, and making sure that cyber criminals aren't able to hold hostage our energy grid and other kinds of things. And then transportation, supply chain, they can't screw up our supply chain. So that's us. And so the reason they're giving us special attention is because we're the largest in North America and so they want to help make sure that we're able to fight the criminals and actually remove them, prosecute them from being able to operate. So I've learned a lot in the last year, I'll be honest with you. Everything that I ever wanted to know about cyber crime and fraud and all the double brokering that goes on. It's unfortunate that we have so much crime in the world today, and that older people in our society, some of our less technically savvy, let's call it, are being victimized the most from these schemes that go on every day.

Todd Dills: Stick a pin there in Hopper's mention of the Federal Bureau of Investigation cyber crime priorities these days and those field offices. For a lot of truckers, it's long been taken as a kind of given this such high law enforcement levels couldn't care less about evidence of double brokering and/or identity theft and nonpayment. Hopper feels that's just not the case at this point. And it's incumbent on truckers and brokers both to report this stuff when they see it, not just to DAT but to your home location’s FBI field office as well. Cyber crime extends right up into infiltration, in various ways, of the FMCSA’s carrier and broker registration systems. The agency is working on a new system of protocols that Jeff Hopper detailed a bit in what follows.

Jeff Hopper: Longstanding challenges with FMCSA is the wheels of government move slow in terms of making improvements to their system, but they are making improvements. They just recently passed a new rule where you have to show... I mean this is shocking, you would assume they had this in place before, but you have to show valid ID to change your account information on your MC number. Before someone could just call up and say, "Hey, I want to change my address and my MC number," and they didn't even check to make sure you were the person that had the MC number.

Todd Dills: That made it pretty simple to take over a carrier's profile there. Something I've seen in cases going way back. Carriers and brokers no doubt have gotten the agency's attention in the last year. That's sure, anyway.

Jeff Hopper: And I think they know that they've got to tighten things up. I'll be at meetings with their top people next month in DC, and pushing as hard as possible to say, you got to do better, you got to move faster, you got to do better, because the system is riddled with holes that we can't constantly plug. Right?

Todd Dills: I imagine that the complaints about folks that you get out there, it's just like whack-a-mole, right?

Jeff Hopper: Whack-a-mole. Exactly.

Todd Dills: You shut one down, you shut down another.

Jeff Hopper: I just want to give you that backdrop because we've learned a lot, and I think we have a fairly unique perspective, from what I can see, on what's really going on out there. And so once you really know what's going on, then it's not just a couple bad, I always say a couple bad bubbas out there like running some trucks and committing all this.

Todd Dills: Yeah, it's organized. This is organized cyber crime essentially.

Jeff Hopper: It's very sophisticated. And so therein lies what we're doing to combat the problem. It is germane to and tied to what the problem is. And so we've hired some of the best cyber crime companies in the world to help us to evaluate what's going on and to come up with a plan and a strategy of how do you battle this? And I would say at a macro, macro level, you're not going to... We, DAT, or any other company, you can pick one, can't go and shut down the activity from happening outside of our borders, for example, in some of these countries. That's other people's jobs and they're going to do the best they can. So what we can do is to make sure we have a really good defense systems. And so that's what we've been focused on is making sure that we have great systems that we provide for all DAT systems to make sure that we're secure and protected, and that we can give to our customers so that they're secure and protected as can be.

Then we have from there, it's more of the proactive capabilities to be constantly on top of detecting the fraud and preventing it, potentially before it happens. Whereas today... Let me give you a few numbers, today, we're fairly reactive. We only know of the fraud when it's reported to us. And we get lots of reports. We investigate 100% of every fraud reported. So one of the things with all of the people who follow you, report it, report it to us. If you've been frauded out of money, freight, report it to the FBI. They want every single report, we want every single report of something that's happened.

Todd Dills: He mentioned the FBI there again. Hopper recommends reporting it to your home location's office, and specifically report it in the context of the bureau's cyber crime initiatives, as he believes priorities is now being placed on transportation related frauds there.

Jeff Hopper: We then resolve 100% of every single report that comes in, and very often it results in the removal of that entity from our platform. And in the last year or so, we've removed 7,000 bad players from our network. 7,000. It's a crazy number. And that's obviously a much bigger number than it ever has been.

Todd Dills: Those are people with existing accounts that you found and realized that, wow.

Jeff Hopper: The numbers... There's thousands more that we've blocked from ever coming on. And that's where the defense systems, that we're putting in place, which is like, okay, we can now detect bad actors before they're even allowed on. Whereas before it's like, "Well, you've got a valid MC, everything seems to check out. We have no reason to believe you shouldn't be on the platform." And so we're just getting more and more sophisticated with our capabilities to understand all that. On the defense mechanisms we call it build the perimeter walls, if you will, really strong.

So we have invested a lot in cybersecurity for our platforms and we've had lots of outside third parties investigate every possible aspect. We have no knowledge of any breach of any DAT systems ever. So we have no knowledge of that. You always have to be careful when you make a statement like that because... We've looked, we've analyzed, we've had some of the best companies analyze and we're not aware of any of those. So cyber security for us, for everybody else out there, is job one. The number of colleagues in various industries and companies of people I know, just friends of mine or former colleagues that have been hacked is also insane.

Probably [inaudible] ransom. And it's crazy. Once that happens... So you have to have good cybersecurity in place for your company and your systems.

Todd Dills: When you're talking about this, you're talking about DAT itself, you're talking about the [inaudible]

Jeff Hopper: I'm talking about both. That's one of the things that we have done, is we are constantly investing. It's a top investment priority for this situation overall, and one of the first elements you have to do is make sure you've got great cybersecurity in place. We've done that at [inaudible] and we recommend to all of our customers and partners that you need to make sure you're investing in that as well. There's absolute things in cybersecurity to do, and also things like training for employees of how not to get phished. We have this training on a constant basis, Annabel, myself, we all have to go through all this training, and rigorous tests constantly on how to not get phished or tricked by some of these schemes that go on. So all that's cybersecurity.

Number two, we have increased the protections of validating anyone trying to get on the platform. So those come in various forms. There's a multifactor authentication, which is really, are you who you say you are. And now you have to go through a number of different multiple factors to actually log into our system. The other part of that is ID verification. So we're investing in the most sophisticated ID verifications to make sure that everything lines up... It's like we're talking about with FMCSA when how they require photo identification to change anything in their account. So it's beyond that.

It's many different factors to basically validate that there are no known aspects to this entity trying to be a customer, get onto the platform or operate on the platform that everything lines up. And it's a lot of simple things like a registration, an MC matches a business address, or if it's a PO box, it's not going to fly. Using the same FMCSA numbers or the same phone number that's already exists in our system, but you're a different company. So we can check all those things and make sure that, "Okay, these are things we can do to prevent a block at the gate," if you will.

Todd Dills: Those kinds of things are happening in the background.

Jeff Hopper: Yeah, they happen-

Todd Dills: These are automated checks that you've programmed.

Jeff Hopper: Correct. Correct. Then the third thing that we're doing is how do we detect and monitor fraud? We have a huge data division basically that we've built up in our data and analytics team, and so we utilize that to develop a schema in which we're able to look at dozens and dozens of factors that you would want to constantly monitor and assess to see if there's any risks happening on the platform today. So I'm sure the example that you're going to share with me is one that we would detect if we had this system fully in place.

Todd Dills: And that's that Cheetah Import and Export example I mentioned at the top of the podcast that he's referring to there. I shared a little about it early in our talk.

Jeff Hopper: Where maybe someone's posting a load, or they might be searching for thousands of loads and they're a one truck company or they're a very small broker, but they apparently are... There's activities on either the postings or searches or whatever that are going on that seem to be abnormal or suspicious. And those generate flags that we can then... I have a compliance team of over 20 people. We've increased the size of our team by... We've basically doubled it in the last couple years, that then they're highly trained, really, really sharp people.

They're the best that we've got to go in then and find, okay, let's take that flag that was generate if something looks a little suspicious or a little bit off, so in this monitoring and go run that down and see if there's a there, there, and then take the appropriate action once that is done. So that's the proactive part that we've not really had until now as we're implementing some of these capabilities. And I'll be honest with you, before the amount of fraud that was going on was manageable based upon reporting. "Oh, you're reporting fraud. We go chase it down, we block them, we kick them off."

Todd Dills: The old whack-a-mole routine mentioned earlier.

Jeff Hopper: This never really got to a level like it is today. The fact that we're having this discussion is really evident of the fact that fraud's much bigger than it ever has been and everybody's talking about it. And so now we have to invest in these more sophisticated abilities to battle sophisticated criminals.

Todd Dills: It's interesting, there's a lot of other folks doing this too. I think I shared it through some of our reporting on the Highway Company, [inaudible] truckstop.com and its RMIS subsidiary among others out there, including digital brokerage platforms of late, regular readers will recall. We reported on third party verification and monitoring systems within our trucking state of surveillance series in July. In that story, there was an example of a carrier flagged for fraudulent activity in error, creating headaches. I asked Hopper if DAT's new automated background checks were going to create new data wells that independent owner operators and small fleets might necessarily need to monitor for accuracy.

Are there other things that truckers need to be doing to monitor the monitoring system as it were. You know what I mean?

Jeff Hopper: Yeah. Yes. The reality is yes, and I would appeal to all the truckers as think of it as similar things happen in your personal life. How would you know if your credit card was compromised? You're going to have to monitor. Now your bank monitors that for you and it will say, "Ooh, there's just a charge, A suspicious charge is that you making that charge," right? "Oh my gosh, someone got my credit card information." Otherwise, you have to look at your credit card bill, you have to monitor, you have to do some... I think the first thing I would recommend to all truckers is know that there's a lot of these criminals operating out there, and so you have to be conscious about that. So secondly then, and being conscious is don't... Be careful of the phishing activities and those kinds of things. So be very-

Todd Dills: Emails and texts and calls.

Jeff Hopper: Emails, text, all of it. So the text, the [inaudible] is smishing, it's the same thing. And then embrace MFA immediately if not sooner.

Todd Dills: MFA, that's multi-factor authentication, if it wasn't clear.

Jeff Hopper: You got to be on M F A. That's because the odds of someone being able to compromise your logins, if there's multi factors because they don't have your phone. So what multifactor does is like, okay, you just tried to log in, but now we're going to send you a code and you have to dial from your phone and now that's you. The odds of a criminal in Nigeria, having your phone or being able to spoof that is virtually zero. So embrace the MFA. Make sure you have very strong passwords. You'd be shocked at how many of our truckers have their password is literally P-A-S-S-W-O-R-D or 1, 2, 3, you can imagine.

So have a strong password because the criminals out there have various techniques where they can crack a simple password. So we have 15 character passwords now that you need to have a very... You've seen... You've logged in a thousand times, right? Strong versus medium, versus not very strong passwords. Have a strong password, then you don't have to worry about it. That's at least one less thing to worry about it with a strong password. And then if you have MFA. And then the next thing I would highly suggest is if something looks suspicious, pause, check it out, verify, trust, but verify. So if there's a price on a load that looks too good to be true, it probably is. No one in this market right now is giving away money.

So if you're looking at a load that's like, "Wow, that's a great price, I'm going to jump on that." You should really run it down and call that broker and verify that they are legit, because trust me, brokers aren't making that much money in this market either. They're not going to jack up the price. It's usually a fraudster that got in the middle and jacked up the price so that some unsuspecting, legitimate trucker says, "Oh my gosh, that's a great load. I'm going to jump on that." And then next thing you know, you're getting tricked.

Todd Dills: Or it could be a broker like the one mentioned at the top, registered, and for all intents and purposes, at a glance, appearing legit, but offering up good rates to get a trucker to bite, get the loads moved, get paid, and never pay the trucker.

Jeff Hopper: If they've had their credentials compromised, the main thing there is to change your password regularly. Check it out. It's like any of us. There is some damage that's been done when you've been compromised and the broker, in this case, flags you as like, "Hey, this entity doesn't appear to be someone to do... They're suspicious." Or you say, "Hey, no, no, I got hacked. I got hacked." And so it wasn't... Well, it's still your responsibility though, to protect yourself and not get phished. It's nothing that DAT does. We literally can't... The only thing we can provide are the tools, MFA et cetera, so that you can have protections in place, but we can't... If you get phished, it's kind of on you a little bit. Same with our employees. If one of our employees gets phished, we hold them accountable.

You've been trained and you're not supposed to do this, and it happened to you. Now, we know... It's just they're accountable for what they did and that's just the way the world is right now. So invest in the protections. And again, I would just go back and say what truckers need to understand is, this activity is pervasive out there, and it's constant. It never stops. It just never sleeps. And so there's bots, so now it's even automated. The criminal activity is automated. The bots are hitting stuff. They're not even people, they're digital threat systems bots that are operating, just hammering, hammering at trying to find the unsuspecting individual. I hate to be the bearer of that news, but that's what... First it's just like, okay... It's like I don't park my car in bad neighborhoods. I assume it's going to get broken into If I leave valuables in my car in a bad neighborhood, it is probably going to get broken into.

Todd Dills: Funny question, Jeff, have you seen bots posting loads on DAT?

Jeff Hopper: Yes. And we try to [inaudible] those as well. Yeah. It's when they compromise a login and are able to do that then they... It's a technique that gets deployed like any other technique. It could be a human, but in the case of it's a digital means of doing that. And so that's actually easier for us to detect because there's no way that a human is posting that many loads. And so we can chase that down fairly quickly. And so that's another... But it's very fascinating. This is actually another topic maybe for another day, but AI, so this basically the bot is a form of AI, and it's a digital means to do this. And there's both good and bad. So there's bad AI out there, bots, et cetera, trying to do bad things. And it has to be fought equally with the good AI to prevent that, because machines are going to fight machines. This is now sounding really creepy.

Machines are going to fight machines more effectively than... And so we're investing a lot in AI to make sure that we have the most sophisticated, never sleep systems to protect us as well. And some of those sophisticated schemes in which we constantly are monitor, think of it as an Overwatch system of how you monitor everything. There's going to be a significant amount of AI deployed in a good way to make sure that it's constantly looking at these things. I don't have enough people in my team to look at every single load post or truck post or transaction that goes on, but you know what can? AI. Machines can do that. And then what it does is it generates flags. So it's always a combination of AI, some kind of automation connected to humans, because the AI also can't go resolve it, right? It's got to be, "Hey, I detect something suspicious, go check it out human." That's how that's going to work.

Todd Dills: You're at the point with the additions to your compliance staff to handle all the complaints that are coming in? That's something I've heard a lot about over the past year or so, and I know I've mentioned it to you guys before, just lack of resolution of a lot of them, lack of response in some cases. Are you keeping up with them, I guess?

Jeff Hopper: We are. We are. But I do get those complaints time to time as well. And what I can tell you is every time I chase down the complaint of, and I do personally, the lack of responsiveness or lack of a resolution, or something that didn't go quite to the expectation of the customer on the other side, we keep very detailed logs of... We record all the conversations in case we needed to go back and see what went wrong. And every single time without exception, when we go back and understand, well, what happened in this particular case? It was usually the customer was super frustrated and wasn't happy with the outcome that we couldn't make different. The outcome being, I can't fix the fact that this happened, and now it needs to go to a legal means and back to the FBI. One of the things that we are working with them on, and I was pleasantly surprised of what they can do.

And so this is one of the things my team does is they work with the FBI or encourage the customer to very quickly report this fraud that happened, and report it to us and we'll help you report it to the FBI. In 73% of the cases, they are able to stop the payment or the criminal transaction from taking place, and they can retrieve that loss. 73% of the time, they have a 73% success rate. And especially if it's anything going outside of the United States, they can stop that money from traveling outside of the United States, for example, is my understanding. And I'm a little bit out of my territory of how they do it, but that's... Because ultimately back to the customer frustrations. They just want their money back. They want to get paid. So I just hold this load and I'm not getting paid. There's not a whole lot we're going to say that's going to satisfy, except "Sorry."

But there are things that we can all do if we move quickly. So I think there's all the prevention stuff we talked about. Really look carefully at who you're doing business with. Double check, verify, call them. If you look at the fraudulent indicators, like from a posted load, if you look really closely at the company they claim to be, it might even be a big broker, it's something will be off, something will be a little bit off in the URL, something will be off in the logo. Because they can't use that URL, so they have to use something that looks... If you look closely, there's like one character difference or whatever.

Todd Dills: Well, a lot of these networks though, they appear, to the casual observer, as entirely legitimate. They may even have their own website, and they're in FMCSA’s registration system. And they're clearly connected to multiple carrier entities, and they're registered all over the place at various virtual offices and what have you. Those are hard to detect. But in cases like that where there's obvious double brokering going on, does reporting to the FBI cyber crime unit work, too, given that these are registered and authorized entities plying their business?

Jeff Hopper: Absolutely. And I think even more importantly, if they're a registered... I mean if they're an operating entity that the FBI can literally go talk to, they will investigate and take the appropriate action with them, if they can find the people. But there are already cases increasingly where they are finding the criminals and removing them, prosecuting them. And so it's a grind, but it has to start somewhere. And I think reporting, getting them to investigate and then prosecuting some of these, I personally, I don't know this to be fact, Todd, so take it for what it's worth, but my sense is that there's more criminals operating in our industry than ever, but it's still not a massive amount of criminals.

They just have a very, in digital fraud capabilities, they can have a very large footprint without a lot of them being there. So I don't think this is half of all the brokers and/or carriers are fraudulent or even some. I think it's a small amount, a relatively, relatively small amount of bad actors that... I do know some of the data that they've never been prosecuted. And increasingly some are, but by and large, over the past however many years.

Todd Dills: The only thing that happens to them is their authority is revoked and they just go...

Jeff Hopper: And they just get a new one. Under a different name. And that's where those tightening up, how FMCSA verifies identity, how we verify. So that's going to...

Todd Dills: All that helps.

Jeff Hopper: That will help. But it's hard. I can tell you, I look at this stuff and I say, well, gosh, I mean it looks legitimate. And so we're just getting more sophisticated on finding some nugget that would indicate otherwise.

Todd Dills: Basically you're trying to use all the digital footprint of these networks to identify the people and keep them from coming in this way or coming in that way, and then trying to do it again.

Jeff Hopper: Cyber crime has to become... So part of what didn't happen before was there was very little prosecution. The FMCA database had 88,000 was the last number I heard a while back, reports with nothing happening to it, nothing. Never went anywhere. They get filed into a database and forgotten. So unless there's some kind of prosecution, it's never really going to go away. And this small amount of people just recycle in different places under different identities and different whatever. So I think we need to make sure that we're raising the flag, and that's some of the work that I'm doing personally, is making it a bigger issue. And previously, cyber crime didn't get a lot of investigation and prosecution because why, in today's law enforcement world, there's so much criminal activity, if someone's not hurt, like if there isn't harm being that has been done to a person-

Todd Dills: Physical harming.

Jeff Hopper: Physical harm, it often didn't get investigated. And now they're changing that because they see the harm is in a different way, where people's livelihoods are being impacted. And so we just need to raise the flag in all corners that this is an important thing to go do. And I'd heard this story from somebody else, but I thought it was a really good one, and it was talking about in their town, small city that they operate in, there was a bank robbery. So think about classic bank robbery, and they stole $50,000 or whatever it was. And every single law enforcement agency in that area, federal, state, local, was trying to find the bank robber. A $50,000 truckload of freight gets stolen, and it's just another day.

It doesn't even get investigated. It doesn't even get investigated, right? So it's fascinating. The trillions of dollars that are being stolen in cyber crime, trillions globally. Number in the US is still massive number. It's the fastest growing crime. It's a massive amount of... There's companies that are being ransomed for millions and millions of dollars. And they're just operating with almost impunity. Yet someone goes and robs a bank per $20,000 or whatever it is, the dogs come out and they search for that person till the end of the earth. Right?

Todd Dills: News from earlier in the week from the Department of Transportation's, inspector General, responding to several Congress members urging OIG to establish a fraud task force to investigate and prosecute various forms of freight fraud, including double brokering and cargo theft by misdirection and the like. News showed the OIG flagging several ongoing cases there, most involving household goods related schemes directed at consumers by unscrupulous companies. Meanwhile, though, of 13 double brokering cases OIG noted it investigated or is investigating, seven of those 13 have been closed. Three were declined by prosecutors entirely, three were closed without a referral to prosecutors for lack of evidence, and just a single case led to a criminal conviction. Of these six cases that remain open, one case has resulted in a criminal conviction thus far. And that's it. In short, we'll see if anything changes and Hopper's right. Meanwhile, if you ever had a doubt about an unusually high rate offer, you might learn a little if you call the broker's bonding company and ask how many claims are open on that bond as noted at the top. If any, stay away.

Here's thanks to Jeff Hopper for joining. To Matt Patrick for sharing the intel, and to you for listening. I'll drop links to resources around fraud prevention from both DAT and Truck Stop, both of which we've reported on in the show notes, wherever you're listening. Overdrive Radio's on Apple and Google Podcasts, SoundCloud, Spotify, Podcast Addict, Overcast FM, and many, many others, including the world-famous overdriveonline.com/overdrive-radio, where this one we will post on Monday, September 4th. Here's a big thanks for listening. Any feedback or tips, you send to me directly. Use our podcast message line at 615 852 8530.