★ Field Report · 02 · Cybersecurity

The dispatcher phishing playbook — what attackers send your team this week.

We collected 412 real phishing emails sent to US dispatch desks in Q1. Five patterns account for 88% of them. Show this to your team Monday morning.

Trucky Security Desk · April 9, 2026 · 5 min read

Your dispatch desk handles more inbound email per hour than any other seat in the company. Brokers, shippers, drivers, factoring, insurance — all of it lands in one inbox under time pressure. That is exactly why attackers love it.

Pattern 1 — The fake rate confirmation

An attacker spoofs a broker your dispatcher worked with last week and sends a 'revised rate con' as a PDF. The PDF contains a macro that drops a remote access trojan. Mitigation: block macros at the gateway, period.

Pattern 2 — The 'driver resume'

Targets recruiting inboxes. Looks like a CDL resume, often as a .htm or .zip. Opens a credential harvester branded with your own logo. Mitigation: route all resumes through your ATS, never direct email.

Pattern 3 — Load board credential reset

'Your DAT / Truckstop password expires in 24 hours.' Lookalike domain. Mitigation: MFA on every load board, and a written rule that password resets never come via email links.

Pattern 4 — Fuel card fraud alert

Spoofs Comdata, EFS or WEX. Asks the dispatcher to 'verify the last 4' of card numbers. Mitigation: out-of-band callback to a known number, always.

Pattern 5 — The factoring change request

Most expensive of the five. Attacker emails your customer pretending to be you, asking them to redirect ACH to a new account. By the time you notice, two weeks of invoices are gone. Mitigation: bank-change verification policy on both sides, and DMARC enforcement on your domain.
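What "DMARC enforcement" means for the record a domain publishes (the TXT record at `_dmarc.<your domain>`), as an added example that is not part of the original report: the checker below classifies a record by whether it actually tells receivers to act on spoofed mail. Tag names come from RFC 7489; the domains and records are constructed samples.

```python
# Added example: classify a DMARC TXT record by whether it is at enforcement.
# Tag names (v, p, sp, pct, rua) are from RFC 7489; all records are constructed.

VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Parse 'v=DMARC1; p=reject; ...' into a dict of tags, or None if invalid."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags.setdefault(key.strip().lower(), value.strip())
    # The version tag must come first and be exactly DMARC1.
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        return None
    return tags

def enforcement_status(txt):
    """Return (status, reason) for one record string, or None when no record exists."""
    tags = parse_dmarc(txt) if txt else None
    if tags is None:
        return "missing", "no valid DMARC record published"
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return "invalid", "p= tag absent or unrecognised"
    if policy == "none":
        return "monitor-only", "p=none asks receivers to report, not to block"
    pct_raw = tags.get("pct", "100")
    pct = int(pct_raw) if pct_raw.isdigit() else 100
    if pct < 100:
        return "partial", f"policy applies to only {pct}% of failing mail"
    # Without sp=, subdomains inherit p=; an explicit sp=none opens a gap.
    if tags.get("sp", policy).lower() == "none":
        return "partial", "sp=none leaves subdomains unprotected"
    return "enforced", f"p={policy} applied to all failing mail"

SAMPLES = {  # constructed domains and records
    "no-record.example": None,
    "monitoring.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitoring.example",
    "rollout.example": "v=DMARC1; p=quarantine; pct=25",
    "subgap.example": "v=DMARC1; p=reject; sp=none",
    "enforced.example": "v=DMARC1; p=reject; rua=mailto:dmarc@enforced.example",
}

if __name__ == "__main__":
    for domain, record in SAMPLES.items():
        status, reason = enforcement_status(record)
        print(f"{domain:20} {status:13} {reason}")
```

Only the last sample is at enforcement; the `p=none` and `pct=25` records are the states a domain usually passes through on the way there.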

Train the desk like you train your drivers on pre-trip. Same cadence, same seriousness.
