While cybercrime gets a lot of attention from law enforcement and the media these days, I’ve been documenting a less high-tech threat emerging in recent months: a surge in stolen checks.
Criminals are increasingly targeting U.S. Postal Service and personal mailboxes to pilfer filled-out checks and sell them over the internet using social media platforms. The buyers then alter the payee and amount listed on the checks to rob victims’ bank accounts of thousands of dollars. While the banks themselves typically bear the financial burden and reimburse targeted accounts, criminals can use the checks to steal victims’ identities, which can have severe consequences.
I founded and now direct Georgia State University’s Evidence Based Cybersecurity Research Group, which is aimed at learning what works and what doesn’t in preventing cybercrime. For the past two years, we’ve been surveilling 60 black market communication channels on the internet to learn more about the online fraud ecosystem and gather data on it in a systematic way in order to spot trends.
One thing we didn’t expect to see was a surge in purloined checks.
An old threat returns
In general, bank check theft is a type of fraud that involves the stealing and unauthorized cashing of a check.
It’s hardly a new phenomenon. Criminals were committing check fraud as soon as the first modern checks were cut in the 18th century in England – and the authorities were already looking for ways to prevent it.
While there’s little historical data on this type of fraud, we do know it became particularly problematic in the 1990s as the internet made finding willing buyers of illicit items easier than ever. For example, financial institutions estimated they lost about US$1 billion to check fraud from April 1996 to September 1997.
But what may seem a little surprising is that its resurgence now at a time when the vast majority of transactions are conducted electronically and check use continues to wane.
What check fraud looks like
Broadly speaking, the check scams we’ve been tracking look something like this:
Someone breaks into a mailbox that stores letters waiting to be sent and grabs some of them in hopes they’ll contain a check that’s been filled in. Often, the crime scene where the theft occurs is the victim’s own mailbox, but it can also be one of those blue USPS boxes you pass on the street.
Criminals can access those with a stolen or copied mailbox key, which we have seen on sale for as much as $1,000.
An image of USPS mailbox keys on sale.
Screenshot from Telegram
Thieves may deposit or cash the checks themselves or sell them on to others via a marketplace of illicit items, such as fake IDs and credit cards. Prices are typically $175 for personal checks and $250 for business ones – payable in bitcoin – but always negotiable and cheaper in bulk, based on our observations and direct interactions with the…