How brand monitoring could have prevented the $400,000 Costco lobster heist

TL;DR:

Criminals stole $400,000 of lobster destined for Costco by impersonating a legitimate trucking company. They used a spoofed email domain (adding just a single dash), fake IDs, and a branded truck to collect the shipment from Massachusetts. Red Sift Brand Trust could have detected the lookalike domain registration in real-time and prevented the theft before any fraudulent communication occurred. With cargo theft costing the U.S. economy $15-35 billion annually, proactive brand monitoring protects both your organization and supply chain partners from similar attacks.

A sophisticated phishing scam resulted in the theft of $400,000 worth of lobster destined for Costco locations in Illinois and Minnesota earlier this month. The criminals impersonated a legitimate trucking company using a spoofed email domain—adding just a single dash to the legitimate company's email address—then showed up with fake credentials and a branded truck to collect the shipment from Lineage Logistics in Taunton, Massachusetts.

This wasn't a random crime. According to Dylan Rexing, CEO of Rexing Companies, the freight broker managing the shipment, this follows a pattern of organized cargo theft targeting high-value goods across the supply chain. The FBI is now investigating what appears to be part of a larger criminal operation.

For the logistics company, the impact extends beyond the immediate financial loss. It affects hiring plans, employee bonuses, and ultimately contributes to higher prices for consumers. More concerning, this was the second major seafood theft from the same Taunton facility within the same month.

The attack succeeded because of a small but critical vulnerability: an impersonated domain that looked nearly identical to the legitimate trucking company. The criminals registered a lookalike domain, conducted their reconnaissance, and executed the fraud before anyone noticed the deception.

This is where proactive brand monitoring becomes essential.

Red Sift Brand Trust continuously scans the internet for domain registrations that impersonate your organization or your trusted partners. The platform detects lookalike domains, spoofed websites, and fraudulent social media accounts in real time—catching threats before they can be weaponized against your business or supply chain partners.

If the legitimate trucking company had been monitoring for domain impersonation, they would have received an immediate alert when criminals registered the lookalike domain. The freight broker could have been notified before any fraudulent communication occurred. The theft could have been prevented entirely.

Brand Trust doesn't just identify threats—it provides actionable intelligence. Security teams receive detailed reports showing exactly what was registered, when, and how closely it matches your legitimate domains. This enables rapid response, whether that's contacting domain registrars for takedowns, alerting law enforcement, or notifying partners and customers about active impersonation attempts.

Modern supply chains involve dozens or hundreds of trusted partners—trucking companies, logistics providers, vendors, and service providers. Criminals understand this complexity and exploit it. They know that business relationships rely on email communication, familiar branding, and established trust.

Protecting your brand means protecting your entire ecosystem. When partners monitor for impersonation, everyone benefits from reduced fraud risk across the supply chain.

The Costco lobster heist demonstrates how quickly sophisticated criminals can exploit brand impersonation. With cargo theft costing the U.S. economy $15-35 billion annually according to Homeland Security Investigations, organizations can't afford to wait until after an incident to implement brand monitoring.

Red Sift Brand Trust provides the proactive detection that supply chain partners need to identify impersonation attempts before they result in six-figure losses, disrupted operations, and damaged business relationships.

If your organization or supply chain partners are vulnerable to domain impersonation attacks, now is the time to close that gap.