Criminals are increasingly targeting U.S. Postal Service and personal mailboxes to pilfer filled-out checks and sell them over the internet using social media platforms. The buyers then alter the payee and amount listed on the checks to rob victims’ bank accounts of thousands of dollars. While the banks themselves typically bear the financial burden and reimburse targeted accounts, criminals can use the checks to steal victims’ identities, which can have severe consequences.
I founded and now direct Georgia State University’s Evidence Based Cybersecurity Research Group, which is aimed at learning what works and what doesn’t in preventing cybercrime. For the past two years, we’ve been surveilling 60 black market communication channels on the internet to learn more about the online fraud ecosystem and gather data on it in a systematic way in order to spot trends.
One thing we didn’t expect to see was a surge in purloined checks.
Criminals can access those with a stolen or copied mailbox key, which we have seen on sale for as much as $1,000.
Buyers then use nail polish remover to erase the intended payee’s name and the amount displayed on the check, replacing those details with their own preferred payees—such as a retailer—and amount, usually a lot higher than the original check. A buyer might also simply cash the check at a location like Walmart using a fake ID. Thieves may deposit or cash the checks themselves or sell them on to others via a marketplace of illicit items, such as fake IDs and credit cards. Prices are typically $175 for personal checks and $250 for business ones— payable in bitcoin—but always negotiable and cheaper in bulk, based on our observations and direct interactions with the sellers.
In some cases we believe criminals are using the checks to steal the victim’s identity by using their name and address to manufacture fake driver’s licenses, passports and other legal documents. Upon taking over someone’s identity, a criminal may use it to submit false applications for loans and credit cards, access the victim’s bank accounts and engage in other types of online fraud.
Tracking black market chat rooms
To better understand how cybercriminals operate, my team of graduate students began monitoring 60 online chat room channels where we knew people were trafficking in fraudulent documents. Examples of these types of channels are group chats on messaging apps like WhatsApp, ICQ, and Telegram, in which users post pictures of items they wish to sell. Some of the channels we are monitoring are public, while others required an invitation, which we managed to procure.
In our observations, we came across an average of 1,325 stolen checks being sold every week in October 2021, up from 634 per week in September and 409 in August. Although little historical data on this practice exists, a one-week pilot study we conducted in October 2020 places these numbers in some perspective. Back then, we observed only 158 stolen checks during that period. After we noticed a rise in stolen checks on sale, we began systematically gathering data from those channels about six months ago in order to track the trend. We downloaded the images, coded them and then aggregated the data so we could spot trends in what was being sold.
Furthermore, these figures likely only represent a small fraction of the number of checks actually being stolen and sold. We focused on only 60 markets, when in fact there are thousands currently active.
In dollar amounts, we found that the face value of the checks, as written, was $11.6 million in all of October and $10.2 million in September. But again, these values likely represent a small share of the actual amount of money being stolen from victims because criminals often rewrite the checks for much higher amounts.
Using the victims addresses, which appeared on the left top corner of the checks, and focusing on the data we collected in the month of October 2021, we found New York, Florida, Texas and California were the top sources.
How to protect yourself
Bank checking accounts usually offer customers the option to send money electronically, whether to a friend or a company, for free. And there are many apps and other services that allow you to make digital payments from bank accounts or via credit card. While there are risks with these methods as well, in general they are a lot safer than writing a check and sending it in the mail.
Still, some types of businesses may require a physical check for payment, such as landlords, utilities and insurance companies. Moreover, as a matter of personal preference, some people—myself included—prefer to pay their bills using checks rather than other methods of payment.
To avoid the risk, I make sure to drop off all my letters containing checks inside my local post office. That’s generally your best bet for keeping them out of the hands of criminals and ensuring they reach their intended destination.
As for enforcement, the inspection service works with the police and others to crack down on mail-related crime. These efforts result in the arrest of thousands of mail and packages thieves every year. However, for every arrest, there are many more criminals who go undetected.
And when we informed officials of our findings, they were also surprised by what we discovered but planned to step up monitoring of these types of black market communication channels.
Our research suggests much more systematic data on this type of fraud is needed in order to better understand how it works, crack down on the activity and prevent it from occurring in the first place.