While cybercrime gets a lot of law enforcement and media attention these days, I’ve documented a less high-tech threat emerging in recent months: an increase in stolen checks.

Criminals are increasingly targeting the US Postal Service and personal mailboxes to steal completed checks and resell them on the internet using social media platforms. The buyers then alter the payee and the amount shown on the checks to steal thousands of dollars from the victims’ bank accounts. While banks themselves typically bear the financial burden and reimburse targeted accounts, criminals can use the checks to steal victims’ identities, which can have serious consequences.

I founded and now lead Georgia State University’s Evidence-Based Cybersecurity Research Group, which aims to uncover what works and what doesn’t in preventing cybercrime. Over the past two years, we have monitored 60 internet black market communication channels to learn more about the online fraud ecosystem and collect data about it in a systematic way to spot trends.

One thing we didn’t expect was an increase in stolen checks.

An old menace returns

In general, bank check theft is a type of fraud that involves the theft and unauthorized cashing of a check.

This is not a new phenomenon. Criminals were committing check fraud as soon as the first modern checks were cut in 18th century England – and authorities were already looking for ways to prevent it.

Although there is little historical data on this type of fraud, we do know that it became particularly problematic in the 1990s, as the Internet made it easier than ever to find willing buyers of illicit items. For example, financial institutions estimated that they lost about US$1 billion to check fraud from April 1996 to September 1997.

But what might seem a bit surprising is that its resurgence now at a time when the vast majority of transactions are done electronically and the use of checks continues to decline.

What check fraud looks like

Broadly speaking, the check scams we tracked look like this:

Someone breaks into a mailbox that stores letters waiting to be sent and grabs some of them in the hope that they will contain a check that has been written. Often the crime scene where the theft occurs is the victim’s own mailbox, but it can also be one of those blue USPS boxes you pass on the street.

Criminals can access those with a stolen or copied mailbox key, which we’ve seen on sale for up to $1,000.

Thieves can deposit or cash the checks themselves or sell them to others through a market for illicit items, such as fake IDs and fake credit cards. Prices are typically $175 for personal checks and $250 for business checks – payable in bitcoins – but still negotiable and cheaper in bulk, based on our observations and direct interactions with sellers.

Shoppers then use nail polish remover to erase the intended payee name and amount displayed on the cheque, replacing those details with their own preferred payee – like a retailer – and the amount, usually much larger than the check of origin. A shopper can also simply cash the check at a place like Walmart using fake ID.

In some cases, we believe that criminals use the checks to steal the victim’s identity by using their name and address to fabricate fake driver’s licenses, passports and other legal documents. By taking on a person’s identity, a criminal can use it to submit fake loan and credit card applications, gain access to the victim’s bank accounts, and engage in other types of online fraud.

Black Market Chat Room Tracking

To better understand how cybercriminals operate, my team of graduate students began monitoring 60 online chat channels where we knew people were trafficking fraudulent documents. Examples of these types of channels are group chats on messaging apps such as WhatsApp, ICQ, and Telegram, where users post photos of items they want to sell. Some of the channels we monitor are public, while others required an invite, which we managed to get.

After noticing an increase in the number of stolen checks on sale, we began about six months ago to systematically collect data from these channels to track the trend. We downloaded the images, coded them, and then aggregated the data so we could spot trends in what was being sold.

In our observations, we encountered an average of 1,325 stolen checks sold each week in October 2021, compared to 634 per week in September and 409 in August. While there is little historical data on this practice, a week-long pilot study we conducted in October 2020 puts these numbers into some perspective. At the time, we observed only 158 stolen checks during this period.

Moreover, these figures probably represent only a small fraction of the number of checks actually stolen and sold. We focused on just 60 markets, when in fact there are thousands currently active.

In dollars, we found that the face value of the checks, as written, was $11.6 million in October and $10.2 million in September. But again, these values ​​likely represent a small portion of the actual amount of money stolen from victims, as criminals often rewrite checks for much larger amounts.

Using the victim’s addresses, which appeared in the upper left corner of the checks, and focusing on data we collected in October 2021, we discovered that New York, Florida, Texas and California were the main sources.

How to protect yourself

The best advice I can give to consumers who want to avoid falling victim to these schemes is to avoid sending checks by mail, if you can.

Bank checking accounts generally offer customers the option of sending money electronically, whether to a friend or a business, for free. And there are plenty of apps and other services that let you make digital payments from bank accounts or by credit card. Although these methods also carry risks, they are generally much safer than writing a check and mailing it.

However, some types of businesses may require a physical check for payment, such as landlords, utilities, and insurance companies. Also, out of personal preference, some people – myself included – prefer to pay their bills by check rather than other means of payment.

To avoid the risk, I make sure to deposit all my letters containing checks inside my local post office. It’s usually your best bet to keep them out of the hands of criminals and ensure they reach their intended destination.

The United States Postal Inspection Service, the agency charged with preventing mail theft, also offers tips for staying protected.

In terms of law enforcement, the inspection service works with the police and others to crack down on mail-related crimes. These efforts result in the arrest of thousands of mail and package thieves each year. However, for every arrest there are many more criminals who go unnoticed.

And when we informed officials of our findings, they were also surprised by what we discovered, but planned to step up surveillance of these types of black market communication channels.

Our research suggests that much more systematic data on this type of fraud is needed to better understand how it works, suppress the activity and prevent it from happening in the first place.

This article is republished from The Conversation under a Creative Commons license. Read the original article here: https://theconversation.com/how-cybercriminals-turn-paper-checks-stolen-from-mailboxes-into-bitcoin-173796.


Alderman Council discusses manufacturing company considering moving to California


Summary reminder | Manufacturing company technology

Check Also