Stop booking the chameleon carrier.
Every inbound quote gets scored against FMCSA authority, Highway identity, inbox-level signals, and your own carrier history — server-side, before the coordinator sees the row. Chameleon carriers, fake-MC rebrokers, phishing, and rate-con interception caught at the front door.
Freight fraud doesn't look like the movies. It looks like a clean email from dispatch@coldchian-logistics.com — one letter off — quoting your Memphis-to-Dallas reefer at $1,650 when the lane usually runs $2,100. The MC resolves. The DOT looks fine. The insurance is on file. A coordinator at 4:47 PM Friday afternoon books it, the load disappears, and on Monday morning your shipper is on the phone asking where their freight is.
The signals were all there. The domain was registered eleven days ago. The MC was issued in March. The previous fourteen replies on the thread were on a different corporate domain. The lane rate was two standard deviations under the rolling average. Any one of those is noise. Together they're a fingerprint.
That's what Keelway's fraud detection is. Composite signal scoring, server-side, on every inbound quote — before the coordinator sees the row.
What we catch — and how.
Chameleon carriers
A previously-bad MC rebrands under fresh authority — same operator, same dispatch number, sometimes the same address with a comma reordered. We match operator names, addresses, phone fingerprints, and dispatch-email domains across the revoked-and-replaced pool and surface the prior identity before you book.
Fake-MC rebrokers
Fresh authority (< 90 days), zero insurance history, bidding $200 below market on a premium spot lane that doesn't match the declared equipment or operating radius. Standalone, any one signal is noise. Together they're the signature of a rebroker — they don't have a truck; they're going to book it and re-broker it to a real (or fake) carrier.
Email-level phishing
Domain spoofing (cold-chain-logistics.com vs cold-chian-logistics.com), look-alike TLDs (.co vs .com), sudden signature drift on a 14-message thread, free-mail address replying to a thread that was on a corporate domain. We check SPF/DKIM/DMARC on every inbound and flag the drift.
Rate-con interception
A downstream party intercepts the rate confirmation and resends it with the remittance bank-account number swapped. We hash banking details against your prior pays to the same MC — when the routing/account on a rate con doesn't match the last six months of pays to that carrier, the rate con is held for review before settlement.
Six signal sources. One composite score.
No single signal kills a quote. The model weights the composite, and the weighting calibrates per-brokerage from your override history.
FMCSA direct →
Operating authority status, insurance on file, crash history, BASIC scores, out-of-service rate, MC-DOT alignment, authority age. Free, fast, foundational.
Highway identity →
If you subscribe — primary identity layer for chameleon patterns and behavioral fingerprints. Keelway federates the signal, not replaces it.
Inbox-level signals →
Domain age, MX record, SPF/DKIM/DMARC pass, signature drift over the thread, free-mail vs corporate sender, send-time anomaly.
Cross-brokerage chameleon model →
Anonymized signal sharing across the Keelway network — when the same operator surfaces under three different MCs in two weeks, we know.
Internal history →
Your own carrier book — prior on-time, prior claims, prior payment issues — weighted into the score. Carriers you trust stay trusted; the rest get re-evaluated on every quote.
Rate anomaly vs lane →
Bid is $1,400 on a lane your last 20 covers ran $2,100–$2,400? Combined with fresh authority, that's a fingerprint. Alone, it might be a real carrier deadheading home.
What a coordinator sees, before they click accept.
Below is a real-shape inbox row for an inbound quote, with the trust score and underlying signal breakdown — the kind of row that lands in the coordinator's ranked list within 600 ms of the email hitting the inbox.
- Lane bid
- MEM → DAL · Reefer · $1,650
- MC reported
- 997412 (issued 2026-03-04 · 87 days)
- Domain signal
- Look-alike: differs from coldchain-logistics.com by 1 char
- Thread drift
- 14 prior replies on coldchain-logistics.com
- Lane rate vs history
- −22% vs your 20-load rolling avg ($2,115)
- Suggested action
- Suppress · reply not surfaced in ranked list
Illustrative example using a synthetic MC + spoofed domain.
What happens when a quote gets flagged.
Quote surfaces with red badge + reason
Suppressed from the ranked list
Rate-con + settlement instruction holds
Per-brokerage score calibration
Every score, every signal, every override logged
Cross-brokerage chameleon propagation
Why this is different from a Highway subscription, a Carrier411 lookup, or the 90-second check.
| Approach | What it catches | What it misses | Coordinator cost |
|---|---|---|---|
| Manual 90-second check | FMCSA authority, insurance, BASIC scores | Email signals, chameleon match, rate anomaly | ~90s × every quote |
| Highway / Carrier411 standalone | Carrier identity, chameleon flags, monitoring | Per-quote scoring, email signals, rate anomaly, integration with the ranked list | manual lookup per quote |
| Trust-and-pray | Nothing | Everything | ~$5K–$50K per missed |
| Keelway Fraud Detection | Composite: FMCSA + Highway + email signals + cross-brokerage + internal history + rate anomaly | Pure-voice-channel fraud (a real human dispatcher calling the broker) — those still need a human ear | ~0s per quote |
Vendor capability descriptions illustrative; verify direct before sizing.
Frequently asked questions
How is this different from your Carrier Trust Score?+
Trust Score is the output — a 0–100 number you see next to every inbound quote. Fraud Detection is the full pipeline that produces it: FMCSA authority + insurance + crash data, Highway identity signals, MC-DOT mismatch checks, domain and signature analysis of the email itself, chameleon-pattern detection across our cross-brokerage signal set, and your own internal carrier history. Trust Score is what you look at; Fraud Detection is what generates it. Same product line — different surface area.
What specific fraud patterns does it catch?+
Four families. (1) Chameleon carriers — an authority that recently rebranded from a previously-bad MC, including operator-name and address overlap. (2) Fake-MC rebrokers — a freshly minted authority bidding aggressively on premium spot lanes that don't match its declared equipment or operating radius. (3) Email-level phishing — domain spoofing, look-alike top-level domains, sudden signature drift on an established thread, replies coming from a free-mail address when the prior thread was on a corporate domain. (4) Rate-con interception — a downstream party intercepts a rate con and replaces the remittance instructions; we hash and check banking details against prior pays.
How fast does the check run?+
Server-side, before the coordinator sees the inbox row. Average end-to-end is under 600 ms for a fresh-cold MC (no cache, full FMCSA pull, Highway lookup, email-signal pass). Cached carriers re-score on every new quote in under 80 ms. The coordinator doesn't wait — they open the inbox and the ranked list already has scores attached.
What's the false-positive rate?+
On a calibrated book, ~3–7% of inbound quotes get flagged after the first two weeks. About 1.5% are hard-blocked (definite fraud — fake MC, domain spoof, hard chameleon match) and the rest are soft-flagged for coordinator review. Per-brokerage false-positive rate stays under 1.0% on the soft-flag tier — meaning fewer than one in a hundred coordinator-reviewed flags turns out to be a legitimate carrier with a quirky signature. We tune per-brokerage.
Do you integrate with Highway, Carrier411, MyCarrierPackets?+
Yes. Highway is our primary identity layer — every inbound email gets a Highway lookup if the MC resolves. Carrier411 (RMIS), MyCarrierPackets, Truckstop SmartWay, and SaferWatch are pulled where the broker has accounts; we federate the signals rather than replace them. If you don't have those subscriptions, Keelway's FMCSA-direct pull plus our internal chameleon-pattern model covers the bulk of the surface.
What happens after a quote is flagged?+
Soft-flagged quotes get a row in the ranked list with a red badge, a one-line reason ('MC under 30 days old', 'signature differs from 14 prior threads', 'authority address overlaps with revoked MC 4xxxxx'), and the underlying signal breakdown one click away. Hard-blocked quotes don't surface in the main list — they're behind a 'Show suppressed (3)' affordance with the same breakdown. Coordinators can override with a typed reason; overrides feed back into the per-brokerage tuning.
Is this just FMCSA data, or something more?+
FMCSA data is the floor, not the ceiling. The composite signal includes: FMCSA operating-authority status + insurance on file + crash history + BASIC scores + out-of-service rate; Highway identity if the broker has the integration; cross-brokerage chameleon patterns (we anonymize the inputs); email-level signals (domain age, MX record, SPF/DKIM/DMARC pass, signature drift, free-mail vs corporate sender); rate anomaly vs your own lane history; and your internal carrier history (have you booked this MC before, what was the on-time, any claims). Any single signal is rarely a kill — the model weights the composite.
What does freight fraud actually cost?+
Industry estimates put total freight fraud at $700M–$1B+ annually in the US — and that's just the reported piece. Per-incident: a single double-brokering event runs $5K–$50K in stolen freight value, plus 20–60 hours of coordinator time chasing the missing load, plus reputational damage with the shipper. A chameleon-carrier booking that results in stolen cargo regularly clears six figures. The break-even on prevention is one stopped incident per quarter for most mid-sized brokerages.
How does this interact with our existing carrier-onboarding process?+
Cleanly. If you onboard carriers through MyCarrierPackets or a similar packet system, Keelway treats packet-completed carriers as priors (higher base trust). Brand-new carriers without a packet still get scored on FMCSA + Highway + email signals and surface in the ranked list with appropriate confidence. The onboarding flow doesn't change — fraud detection runs alongside it on every inbound quote, not just first-time bookings.
Pricing?+
Bundled into the per-load workflow — the same $1 per load that covers email triage, ranking, and check-calls covers full fraud detection on every inbound quote against that load. No per-quote, per-flag, or per-MC charge. Highway / Carrier411 / RMIS subscriptions, if used, are passed through at cost. See the pricing page for the full breakdown.
Score every inbound quote — before the coordinator sees the row.
Book a demoRelated
The 0–100 score that surfaces on every inbound quote — the output of the fraud-detection pipeline on this page.
Field guide to the three patterns and the 90-second pre-book check, in narrative form.
Annotated walkthrough of a real-shape phishing reply — what the signals look like in the raw.
The rebrand-the-revoked-MC pattern, with the cross-brokerage signal set that catches it.
Authority, insurance, BASIC scores, inspections — what gets misread, what the composite signals actually mean.
Free MC / DOT lookup with the data points fraud detection scores against. Useful for one-off manual checks.
Paste an inbound email and get the same signal breakdown — domain, MX, signature, rate vs lane.
How Keelway compares as a standalone replacement vs. as a layer on top of an existing Highway subscription.