And how the automotive industry can defend itself
The car transport chain, from factory to end customer and everything in between, is becoming increasingly digitised. This increases efficiency, but also introduces new threats. In Europe, and particularly in the Netherlands, Germany, France, Belgium, Denmark and Austria, we see similar risks. Below, we examine the ten most common digital threats in this chain, from loading and unloading addresses to transporters, compounds, car dealers and online car platforms.
Each threat is explained with concrete examples, cases or incidents. We focus on cyber risks, including physical theft or sabotage facilitated by digital means such as GPS jamming, keyless theft or burglary via hacked systems. For each threat, we look at the gaps and, where relevant, provide context for possible countermeasures. The following digital threats are discussed:
Table of Content
Many threats affect multiple links in the chain at the same time. A good level of security at all parties, from logistics service providers to dealers, is therefore crucial to make the entire chain more resilient.
Keyless theft: unlocking cars without a key
Modern cars with keyless entry systems are very vulnerable to theft via relay attacks. Thieves use simple radio amplifiers to extend the signal from the key, so that the car thinks the key is nearby and unlocks/starts. This leaves no signs of forced entry and often takes less than a minute. A large ADAC/FDM study showed that almost 90% of the cars tested with a keyless function could be stolen in this way. Of 698 models, only 65 could not be opened and started using such a digital trick. In the Netherlands, this is reflected in the theft figures: more than 60% of all cars stolen in 2024 had keyless entry, which demonstrates the high vulnerability of this technology to criminals. With a small device at the front door, thieves can intercept the key signal and open and drive away in the car almost immediately, without activating the alarm. The problem has been known since 2011, and the number of thefts using this method continues to rise.
Example: In Berlin, the police saw the number of thefts rise to 3,855 cars in 2024, with relay theft being an explosive trend. This method is popular because it does not require advanced hacking knowledge. In addition, the necessary equipment is easy to obtain. Car thieves mainly target models without additional security features (such as ultra-wideband distance measurement that prevents relay theft). Manufacturers have now made improvements to newer models, but a large part of the vehicle fleet remains vulnerable.
Electronic manipulation of cars
In addition to relay attacks, thieves also use advanced CAN bus and OBD II hacks to digitally hijack vehicles. Via the diagnostic connector (OBD) or direct access to the wiring, criminals can manipulate vehicle software, programme new keys or bypass the immobiliser. A recent technique is CAN injection: thieves open the headlight unit, for example, and connect a device to the internal CAN bus wiring. This allows them to send false commands that make the car think a valid key is present. This enables them to unlock and start the car in just 30 seconds.
This is not a theoretical risk. Research by security experts Ian Tabor and Ken Tindell shows how a Toyota RAV4 was stolen in London via the headlight wiring. The thieves used a device available online (~£1,500) to impersonate the key on the CAN bus and start the engine. Similar methods have also been seen in Belgium and the Netherlands in the theft of popular models such as Toyota RAV4s and Lexus SUVs, which are often stolen for parts. In 2025, the German Insurance Association ( versicherungsbranche, GDV) warned that luxury vehicles with electronic steering locks and keyless systems are particularly vulnerable to ‘silent theft‘. This is theft in which hackers use laptops or radio equipment to steal cars without setting off the alarm.
Example: Belgian and Dutch police have seized equipment on several occasions that could be used to start cars via the OBD port. In one case in Rotterdam, a gang was rounded up that used laptops and cloned key cards to unlock cars on the spot. Such OBD devices and even complete “key cloning kits” are traded on internet forums and the dark web. This underlines that traditional mechanical security alone is no longer sufficient. Digital access points are now the biggest weakness in the security chain.
Sabotage of vehicle tracking systems
Logistics players rely on GPS trackers and telematics to track vehicles and cargo. Criminals therefore often use GPS jammers (interference transmitters) to sabotage this tracking. A GPS jammer emits radio interference that makes the vehicle untraceable by tracking systems. This is a critical threat in the car transport chain: stolen car transporters or luxury cars disappear from the radar. In Europe, misuse of this technology is becoming increasingly common in transport crime. GPS jamming, digital cargo fraud and fictitious pickups are increasingly being used by gangs.
Industry reports show that organised thieves disable trackers in more than half of all cases. In a major Europol operation (‘Matador’), luxury rental cars were taken to illegal workshops after being stolen, where the GPS transmitters were immediately disabled or removed. Sometimes they even install their own transmitters to mislead the police. An FBI analysis concluded that criminals routinely disable or jam GPS trackers in cargo theft cases. The risks are not limited to physical devices: trackers can also be put “offline” by hacking telematics platforms (see digital threat 4).
Specific incidents: In Germany, the hotspot for European cargo theft, there have been reports of entire truck combinations disappearing after thieves disrupted GPS signals en route. A notorious example is a theft in 2023 on the A7 motorway, where thieves jammed the trackers of 67 trucks at once in a single night to enable a large-scale coordinated robbery. Such cases show that GPS jamming drastically reduces the chance of apprehension.
Hacking of vehicle telematics and systems
Vehicles and means of transport are becoming increasingly ‘smarter’ and more connected to the internet. This opens the door to remote hacks that can involve both sabotage and theft. For example, an attacker who gains access to the telematics of a lorry or car can manipulate its location, remotely immobilise the vehicle or, conversely, unlock and start it without a key. Such scenarios are no longer hypothetical: in 2025, researchers presented a serious vulnerability in the online dealer system of a major car manufacturer, which allowed cars to be taken over remotely. By breaking into the dealer network, an ethical hacker managed to assign a car to his own account and locate, unlock and start the car via the official mobile app. This applied to all models of that brand with connected telematics since 2012. This indicates the potential for mass abuse if malicious parties had discovered this earlier. (For any criminals reading this: the leak has since been fixed.)
Trucks and commercial vehicles are also targets. They are increasingly connected to logistics cloud platforms for route planning, maintenance or freight data. If a hacker penetrates these systems, they can, for example, activate or deactivate digital immobilisers, influence engine management or manipulate sensor values. In theory, a malicious individual could sabotage a moving lorry in this way. Think of causing brake or engine failures. Fortunately, such attacks have not yet been publicly reported ‘in the wild’. However, there are signs that criminal groups are exploring such hacks. In 2024, Europol warned that organised car thieves are increasingly calling on “IT specialists” to crack secure vehicles, rather than using physical force.
Example: The well-known Jeep Cherokee hack (United States, 2015) showed that over-the-air attacks are a reality: researchers were able to remotely shut down the engine via a leak in the infotainment system. Such vulnerabilities have since been found and remedied in European brands (BMW, Tesla, etc.). Nevertheless, it remains a cause for concern. ENISA, the European Agency for Cybersecurity, cites ransomware attacks on car production and data theft via vehicle software as emerging threats in the transport sector. After all, a single successful hacking incident at a major car manufacturer can disrupt the entire distribution chain. Such as the hack at Jaguar Land Rover in 2025, which halted production for weeks and stopped global deliveries. This emphasises that digital security of vehicles and their support systems is essential to prevent sabotage or theft.
Phishing and social engineering of chain partners
Human factors remain a weak link. Phishing emails, fake messages and social engineering are used to gain access to logistics systems or to mislead employees. In the car transport world, this could mean, for example, a fake email from a ‘familiar customer’ requesting a change of delivery address, a false instruction on behalf of a manager to hand over a car, or a malicious link that installs malware on a transporter’s network. An industry survey in the Netherlands (2025) showed that 80% of transport and logistics companies see cybercrime as a risk, with phishing emails and invoice fraud among the most common methods of attack. Criminals use these methods to steal login details or divert payments.
There are countless examples in practice. In 2024, an employee at a German logistics company was tricked into logging into a fake IT portal via a convincing-looking email. The attackers gained VPN access and insight into transport schedules. This type of spear phishing, which targets specific employees with access, can be used, for example, to find out when and where a shipment of expensive cars will be delivered, so that a robbery or theft can be planned. Invoice fraud also occurs: this involves intercepting or imitating communications between, for example, a dealer and a transporter in order to change bank account numbers on invoices. In France and Belgium, there have been incidents in which dealers paid large sums for supposedly delivered vehicles to fraudsters’ accounts after a successful email hack.
A well-known international example of social engineering involved the port sector in Antwerp. Although this was aimed at drug smuggling, the method is still relevant. Hackers infiltrated the IT systems and gained access to terminal planning, allowing them to remove containers from the port unseen at the right moment. In the automotive chain, a similar approach could mean that criminals gain access to a compound planning system and thus ‘release’ a load of cars to a fake transporter (see digital threat 6). Awareness and verification procedures, such as double-checking by telephone or another second channel, are crucial to detecting phishing and social engineering attacks.
Fictitious transport orders and fake transporters
A growing modus operandi in Europe is the fictitious pickup: criminals digitally impersonate legitimate transporters in order to pick up and steal vehicles, for example. Through online freight exchange platforms or false transport orders, they hijack transports without initially hacking, but through deception and identity fraud. This method has emerged in Germany in recent years. According to TAPA and insurers, digital cargo fraud, fictitious loading orders and stolen identities are being used more and more often. A fake carrier registers for a transport order, for example to collect cars from a storage location, using forged documents or a stolen company identity. Once the cargo has been handed over, both the freight and the ‘carrier’ disappear.
In 2021, a gang operating in several EU countries using this method was broken up. They used digital freight exchanges to win orders and then sent drivers with false IDs, driving licences and number plates on their way. Eurojust reported that in one case, 34 suspects were arrested who had stolen €1.3 million worth of goods in this way. This is often accompanied by stolen company data. For example, a driver was recently caught in Germany who accepted a trip to Munich via a digital broker under the name of a bona fide Polish transport company, complete with forged vehicle tracking numbers and CMR documents. This identity theft made it difficult to arouse suspicion immediately.
Criminal groups accept transport orders under false (or stolen) identities, pick up vehicles or valuable cargo and then disappear. Dutch industry and police warnings show a clear increase; according to BNR, there are now approximately five reports per week. This fraud often makes use of professionalised digital communications (website, documents, permissions) and identity fraud, which can mislead checks at the loading address.
TransConnect tests Power of Attorney validation
At TransConnect, we are continuously working to strengthen security within our platform and our logistics processes. One of the most important new measures we will be introducing shortly is QR validation on powers of attorney. Every power of attorney issued via TransConnect contains a unique QR code and PIN code. When a driver arrives to load vehicles, the loading location can scan the code to check whether the carrier is still authorised at that moment. As soon as an order is cancelled or a carrier loses its authorisation, the QR code is automatically invalidated. This prevents old or forged documents from being misused.
With this technology, TransConnect is taking a new step in combating fraud within car logistics. It offers extra security for customers and partners and makes the authorisation of transports demonstrably reliable.
Ransomware and IT attacks on logistics service providers and dealers
Ransomware attacks are one of the biggest cyber threats in transport and logistics. Criminals hack into company networks, encrypt data and demand ransom. In the car transport chain, this can paralyse entire operations. Think of transport planners who cannot access orders, or dealers whose systems are down. In 2024/2025, there were several incidents in the region: in February 2023, Volvo dealer Ton van Kuyk in Alkmaar was hit by ransomware. In the morning, employees found the message “We have hacked you, pay to unlock your data” on all PCs. The attackers (LockBit group) demanded approximately $300,000 in Bitcoin ransom. Thanks to good backups, the dealer was able to recover most of its data without paying, but was out of action for four days. Sales and service had to be carried out on paper and scheduled later. Customer data, such as copies of ID cards, may also have been stolen, which led to a report to the Data Protection Authority and the preventive issuance of new identity cards to affected customers. This case shows that medium-sized companies (95 employees) are also targets. “We thought: what is there to steal from us? But apparently that doesn’t matter to cybercriminals,” said the financial director.
Logistics transporters in the Netherlands and neighbouring countries have also been affected. At the end of 2024, for example, AB Texel (NL) was hit by a ransomware attack (Cactus group) that forced the company to restore its systems and investigate data. Another transport company, Klarenbeek, saw the Blacksuit hackers steal essential data and encrypt files in November 2024. Business operations and customer data were immediately compromised. These examples are part of a broader trend: according to the European Union Agency for Cybersecurity, ransomware has been the most prominent threat in the transport sector since 2022. The consequences are serious: from production and delivery stoppages to financial damage and loss of reputation. In a sector survey, 16% of transport companies indicated that they had already suffered financial damage as a result of cyber incidents. Ransomware is often the cause here.
Data leaks and sensitive information in the wrong hands
Information is worth its weight in gold. This is certainly true in the automotive chain, where expensive goods are involved. Data breaches, whether due to hacking or human error, pose a threat because they enable criminals to strike in a more targeted manner. Think of lists of delivered vehicles, customer data, transport schedules or access and alarm codes. If such data is leaked, thieves can know exactly where and when certain cars are located and what security measures are in place. In France in 2022, a leak was discovered at a large car group, resulting in thousands of VIN numbers and location data of new cars ending up on the street. This could be used to steal specific models that are ‘on order’ directly from a compound.
Another risk is stolen login details. A data breach at a supplier or partner can yield logins (usernames/passwords) that attackers can use to infiltrate another company in the chain (see threat 10: supply chain attack). In the aforementioned Volvo dealer attack, for example, the suspected entry point was a home working portal with a weak admin password, possibly from a database leaked elsewhere. Similarly, there are known cases where criminal groups gained access to fleet management systems by obtaining drivers’ passwords through phishing or leaks. Once inside, they were able to change routes or disable alarms, for example.
Case study: In 2023, cybercriminals hacked the American software company CDK Global, which supplies dealer and inventory systems to tens of thousands of car dealers worldwide. As a result, the sales and service processes at more than 15,000 dealers were partially disrupted. Although this took place outside Europe, it illustrates the vulnerability: data from many dealers (customers, inventories, transactions) may have been exposed and business was at a standstill for days. In our region, the leak at Tesla (May 2023) is also relevant: two insiders stole 100 GB of customer and employee data, including information about technical issues with Tesla cars. Although this did not result in direct theft, it shows that car platforms themselves can also leak data. Such information (e.g. addresses of buyers of luxury EVs) can be of interest to criminals.
The National Internet Fraud Reporting Centre warns that identity data from data leaks is then misused in fraud. For example, with false transport orders under a real name. In 2024, a Dutch consultancy firm had to write off €200,000 in damages because their stolen digital identity had been used to place orders (so-called business identity fraud), which was only discovered late. In the context of the car transport chain, a data breach therefore not only poses a privacy risk, but also increases the likelihood of targeted crime. Setting up strict access rights, encryption and proper monitoring of unusual data access are essential defensive measures here.
Fraud on online car trading platforms
Online car trading platforms (such as Marktplaats, Autoscout24, Mobile.de) bring buyers and sellers together, but also attract fraudsters. Digital fraud in vehicle sales is widespread and takes various forms: from fake advertisements for non-existent cars to hacked seller accounts and sham sales where payments are intercepted. In the Netherlands, the police recorded almost 1.3 million euros in damages from online car sales fraud (127 reports) in 2023, and again more than 1.1 million euros in damages in 2024. These are usually cases in which a buyer makes a down payment for a car they found online, but the car is never delivered. Criminals create professional-looking advertisements, often with photos of real cars, including real number plates, which they have copied from dealer websites. They come up with a plausible story. For example, that the seller is abroad and will have the vehicle transported to the United Kingdom as soon as the payment or deposit has been received. They often even show fake transport documents and copies of ID cards to inspire confidence. Once the money has been transferred to a foreign account, the trail goes cold.
Current trick: Fraudsters create spoof websites of well-known dealers or auction sites. Unsuspecting buyers think they are buying through a recognised channel, but end up on a fake site that looks almost identical. In France and Belgium, there have been reports of fake sites imitating well-known car centres, complete with Chamber of Commerce and VAT numbers. Once payment has been made, both the car and the seller are untraceable. In addition, sellers are sometimes defrauded, for example through false payment receipts or phishing. One trick is for criminals to pose as buyers from Germany or Denmark, ‘accidentally’ transferring too much money and asking the seller to refund the difference. The first payment then turns out to be false.
The impact of this fraud is not only financial damage to individuals and companies, but also undermines confidence in online car trading. Trust is essential in times of digitalisation. Platforms are responding with information and additional security measures. Autoscout24 explicitly warns against intermediaries and escrow fraud, where third parties offer to arrange the transaction. In collaboration with the police, suspicious advertisements are removed more quickly. Nevertheless, fraudsters continue to create new accounts and use international constructions. This therefore remains a top-10 threat with a digital component, albeit in the form of fraud rather than hacking.
Attacks via suppliers and vulnerable third parties
The car transport chain is only as strong as its weakest link. Supply chain attacks, attacks via third parties, therefore constitute the tenth threat. Criminals exploit the trust or IT connection between companies. For example: a transport company uses software from an external supplier for stock management; if that supplier is hacked, the attackers can also compromise the transport company via the update or access chain. In 2024, we saw an example of this with Blue Yonder logistics software: ransomware via this route temporarily shut down the logistics systems of major retailers (Jumbo, HEMA). Suppose a similar attack hits a widely used vehicle tracking or planning platform, in which case dozens of car transporters and storage locations could be affected in one fell swoop.
Another aspect is insider threats at third parties. Criminal networks sometimes try to bribe employees of partners. In the aforementioned Europol case “Matador”, an insider at a national registration agency facilitated false import registrations for stolen rental cars. In logistics, this could involve hired IT technicians or cleaners with network access at a company who leave vulnerabilities or exfiltrate data on behalf of a criminal group. These types of shadow threats via seemingly reliable partners are difficult to detect.
Consequence: Companies must not only defend their own walls, but also take into account those of their suppliers and partners. This means strict requirements for IT suppliers, audits of external data processors and joint contingency plans. After all, an attack on a small IT firm can have a systemic impact if that firm serves many customers in the sector. In the future, NIS2 legislation will also force suppliers to adopt higher cyber standards, which will hopefully reduce this threat.
Conclusion and outlook
The entire car transport chain, from manufacturer to end user, faces a wide range of digital threats. The ten risks above are the most common and illustrate how digital and physical crime are becoming intertwined. Crucial themes are visibility and control: once criminals disable the digital ‘eyes and ears’ of the chain (e.g. GPS jamming) or deceive them (phishing, false identities), it becomes very difficult to prevent theft or sabotage or to detect it in time. Similarly, the examples show that no link in the chain is immune: an SME can fall victim to a hack just as easily as a multinational, and a lorry driver on the motorway is just as much at risk from high-tech gangs of thieves as a warehouse manager in the port.
When reviewing these threats, it is striking that traditional security measures are often unable to withstand digital tricks. For example, a physical lock does not detect a relay attack, and an alarm system does not help against a hacked access account. A possible gap in the current approach is the sharing of threat information across the chain. Many companies only learn about a new modus operandi when they themselves become victims. Initiatives such as sectoral ISACs (Information Sharing and Analysis Centres) for mobility can improve this.
What is TransConnect doing to combat cyber threats?
Initiatives such as TransConnect’s QR validation on powers of attorney show how smart innovations can directly contribute to greater security and transparency in the chain. Thanks to our ISO 27001 and ISO 9001 certifications, information security and quality assurance are deeply embedded in all processes. By combining these kinds of technological improvements with collaboration and healthy cyber hygiene, the sector can better manage digital threats and keep the car transport chain resilient against 21st-century criminals.
Finally, chain cooperation is needed: the automotive industry, transporters, insurers and government must work together. Only with a holistic, multi-layered defence strategy. Only by combining digital vigilance with physical security can the sector resist increasingly sophisticated forms of crime.
