Business Daily Media

The Times Real Estate

.

How cybercriminals turn paper checks stolen from mailboxes into bitcoin

  • Written by David Maimon, Associate Professor of Criminal Justice and Criminology, Georgia State University
How cybercriminals turn paper checks stolen from mailboxes into bitcoin

While cybercrime gets a lot of attention[1] from law enforcement and the media these days, I’ve been documenting a less high-tech threat emerging in recent months: a surge in stolen checks[2].

Criminals are increasingly targeting U.S. Postal Service and personal mailboxes to pilfer filled-out checks and sell them over the internet using social media platforms. The buyers then alter the payee and amount listed on the checks to rob victims’ bank accounts of thousands of dollars. While the banks themselves typically bear the financial burden[3] and reimburse targeted accounts, criminals can use the checks to steal victims’ identities, which can have severe consequences[4].

I founded and now direct Georgia State University’s Evidence Based Cybersecurity Research Group[5], which is aimed at learning what works and what doesn’t in preventing cybercrime. For the past two years, we’ve been surveilling 60 black market communication channels on the internet to learn more about the online fraud ecosystem and gather data on it in a systematic way in order to spot trends.

One thing we didn’t expect to see was a surge in purloined checks.

An old threat returns

In general, bank check theft is a type of fraud that involves the stealing and unauthorized cashing of a check[6].

It’s hardly a new phenomenon. Criminals were committing check fraud as soon as the first modern checks were cut in the 18th century in England[7] – and the authorities were already looking for ways to prevent it[8].

While there’s little historical data on this type of fraud, we do know it became particularly problematic in the 1990s[9] as the internet made finding willing buyers of illicit items easier than ever. For example, financial institutions estimated they lost[10] about US$1 billion to check fraud from April 1996 to September 1997.

But what may seem a little surprising is that its resurgence now at a time when the vast majority of transactions are conducted electronically[11] and check use continues to wane[12].

What check fraud looks like

Broadly speaking, the check scams we’ve been tracking look something like this:

Someone breaks into a mailbox that stores letters waiting to be sent and grabs some of them[13] in hopes they’ll contain a check that’s been filled in. Often, the crime scene where the theft occurs is the victim’s own mailbox, but it can also be one of those blue USPS boxes[14] you pass on the street.

Criminals can access those with a stolen or copied mailbox key[15], which we have seen on sale for as much as $1,000.

Three USPS mailbox keys lie on a gray surface
An image of USPS mailbox keys on sale. Screenshot from Telegram

Thieves may deposit or cash the checks themselves or sell them on to others via a marketplace of illicit items, such as fake IDs and credit cards. Prices are typically $175 for personal checks and $250 for business ones – payable in bitcoin – but always negotiable and cheaper in bulk, based on our observations and direct interactions with the sellers.

Buyers then use nail polish remover to erase the intended payee’s name and the amount displayed on the check, replacing those details with their own preferred payee – such as a retailer – and amount, usually a lot higher than the original check. A buyer might also simply cash the check at a location like Walmart using a fake ID.

In some cases we believe criminals are using the checks to steal the victim’s identity by using their name and address to manufacture fake driver’s licenses, passports and other legal documents. Upon taking over someone’s identity, a criminal may use it to submit false applications for loans and credit cards, access the victim’s bank accounts[16] and engage in other types of online fraud.

Tracking black market chat rooms

To better understand how cybercriminals operate, my team of graduate students began monitoring 60 online chat room channels where we knew people were trafficking in fraudulent documents. Examples of these types of channels are group chats on messaging apps like WhatsApp, ICQ and Telegram, in which users post pictures of items they wish to sell. Some of the channels we are monitoring are public, while others required an invitation, which we managed to procure.

A check sits in a bowl that was used to to remove pen ink, with other checks scattered on the table, with details blacked out. After stealing a check, criminals use nail polish remover to remove the pen ink used to fill them out. Criminals blacked out the check account and code numbers so they can’t be used without purchase. Names and addresses have been blacked out to protect victims’ identities. Screenshot from Telegram

After we noticed a rise in stolen checks on sale, we began systematically gathering data from those channels about six months ago in order to track the trend. We downloaded the images, coded them and then aggregated the data so we could spot trends in what was being sold.

In our observations, we came across an average of 1,325 stolen checks being sold every week in October 2021, up from 634 per week in September and 409 in August. Although little historical data on this practice exists, a one-week pilot study we conducted in October 2020 places these numbers in some perspective. Back then, we observed only 158 stolen checks during that period.

Furthermore, these figures likely only represent a small fraction of the number of checks actually being stolen and sold. We focused on only 60 markets, when in fact there are thousands currently active[17].

In dollar amounts, we found that the face value of the checks, as written, was $11.6 million in all of October and $10.2 million in September. But again, these values likely represent a small share of the actual amount of money being stolen from victims because criminals often rewrite the checks[18] for much higher amounts.

Using the victims addresses, which appeared on the left top corner of the checks[19], and focusing on the data we collected in the month of October 2021, we found New York, Florida, Texas and California were the top sources.

A dozen filled-in checks are displayed and slightly overlapping one another, with the back of a $100 bill at the bottom. The names and addresses are blacked out to protect victims' identities. Stolen personal checks typically go for $175 – but they’re cheaper purchased in bulk. Screenshot from ICQ

How to protect yourself

The best advice I can give consumers who want to avoid falling victim to these schemes is to avoid mailing checks, if you can.

Bank checking accounts usually offer customers the option to send money electronically, whether to a friend or a company, for free. And there are many apps and other services that allow you to make digital payments from bank accounts or via credit card. While there are risks with these methods as well, in general they are a lot safer than writing a check and sending it in the mail.

Still, some types of businesses may require a physical check for payment, such as landlords, utilities and insurance companies[20]. Moreover, as a matter of personal preference, some people – myself included – prefer to pay their bills using checks rather than other methods of payment.

To avoid the risk, I make sure to drop off all my letters containing checks inside my local post office. That’s generally your best bet for keeping them out of the hands of criminals and ensuring they reach their intended destination.

The United States Postal Inspection Service[21], the agency responsible for preventing mail theft, also offers tips[22] to stay protected.

As for enforcement, the inspection service works with the police and others to crack down on mail-related crime. These efforts result in the arrest of thousands of mail and packages thieves every year[23]. However, for every arrest, there are many more criminals who go undetected.

[Over 140,000 readers rely on The Conversation’s newsletters to understand the world. Sign up today[24].]

And when we informed officials of our findings, they were also surprised by what we discovered but planned to step up monitoring of these types of black market communication channels.

Our research suggests much more systematic data on this type of fraud is needed in order to better understand how it works, crack down on the activity and prevent it from occurring in the first place.

Read more https://theconversation.com/how-cybercriminals-turn-paper-checks-stolen-from-mailboxes-into-bitcoin-173796

Five signs that AI is growing faster than the internet did

What do Aussie businesses need to do to keep up? There has been mounting chatter that AI is growing even faster than the rapid acceleration we sa...

Protecting Your Small Business from Cyber Threats This Holiday Season

The holiday season brings a surge of online activity for small and medium businesses (SMBs), with increased sales and customer inquiries offering ...

Essential SEO Strategies: Boosting Your Real Estate Business

In recent years, it is said that more and more people are searching for properties online than those who visit real estate companies in person. For ...

Every Business Needs to Apply a Concrete Strategy

Do you want your website to rank higher in the top results of the Google search engine? Then hire the excellent SEO Services in Australia for your n...

Navigating Cyber Fraud After a Natural Disaster

As Australia enters another long, hot and potentially destructive summer, businesses and residents are preparing for the natural disasters synonym...

8seats messaging startup aims to transform business communication

The new platform brings an innovative approach to unite office-based and desk-less teams 8seats, a next-generation messaging platform for busine...

Sell by LayBy