The US Postal Inspection Service, the agency responsible for preventing mail theft, arrests thousands of mail thieves every year. US Postal Service photo.
Criminals are increasingly targeting U.S. Postal Service and personal mailboxes to pilfer filled-out checks and sell them over the internet using social media platforms. The buyers then alter the payee and amount listed on the checks to rob victims’ bank accounts of thousands of dollars. While the banks themselves typically bear the financial burden and reimburse targeted accounts, criminals can use the checks to steal victims’ identities, which can have severe consequences.
I founded and now direct Georgia State University’s Evidence Based Cybersecurity Research Group, which is aimed at learning what works and what doesn’t in preventing cybercrime. For the past two years, we’ve been surveilling 60 black market communication channels on the internet to learn more about the online fraud ecosystem and gather data on it in a systematic way in order to spot trends.
One thing we didn’t expect to see was a surge in purloined checks.
In general, bank check theft is a type of fraud that involves the stealing and unauthorized cashing of a check.
It’s hardly a new phenomenon. Criminals were committing check fraud as soon as the first modern checks were cut in the 18th century in England – and the authorities were already looking for ways to prevent it.
While there’s little historical data on this type of fraud, we do know it became particularly problematic in the 1990s as the internet made finding willing buyers of illicit items easier than ever. For example, financial institutions estimated they lost about US$1 billion to check fraud from April 1996 to September 1997.
But what may seem a little surprising is that its resurgence now at a time when the vast majority of transactions are conducted electronically and check use continues to wane.
Broadly speaking, the check scams we’ve been tracking look something like this:
Someone breaks into a mailbox that stores letters waiting to be sent and grabs some of them in hopes they’ll contain a check that’s been filled in. Often, the crime scene where the theft occurs is the victim’s own mailbox, but it can also be one of those blue USPS boxes you pass on the street.
Criminals can access those with a stolen or copied mailbox key, which we have seen on sale for as much as $1,000.
Thieves may deposit or cash the checks themselves or sell them on to others via a marketplace of illicit items, such as fake IDs and credit cards. Prices are typically $175 for personal checks and $250 for business ones – payable in bitcoin – but always negotiable and cheaper in bulk, based on our observations and direct interactions with the sellers.
Buyers then use nail polish remover to erase the intended payee’s name and the amount displayed on the check, replacing those details with their own preferred payee – such as a retailer – and amount, usually a lot higher than the original check. A buyer might also simply cash the check at a location like Walmart using a fake ID.
In some cases we believe criminals are using the checks to steal the victim’s identity by using their name and address to manufacture fake driver’s licenses, passports and other legal documents. Upon taking over someone’s identity, a criminal may use it to submit false applications for loans and credit cards, access the victim’s bank accounts and engage in other types of online fraud.
To better understand how cybercriminals operate, my team of graduate students began monitoring 60 online chat room channels where we knew people were trafficking in fraudulent documents. Examples of these types of channels are group chats on messaging apps like WhatsApp, ICQ and Telegram, in which users post pictures of items they wish to sell. Some of the channels we are monitoring are public, while others required an invitation, which we managed to procure.
After we noticed a rise in stolen checks on sale, we began systematically gathering data from those channels about six months ago in order to track the trend. We downloaded the images, coded them and then aggregated the data so we could spot trends in what was being sold.
In our observations, we came across an average of 1,325 stolen checks being sold every week in October 2021, up from 634 per week in September and 409 in August. Although little historical data on this practice exists, a one-week pilot study we conducted in October 2020 places these numbers in some perspective. Back then, we observed only 158 stolen checks during that period.
Furthermore, these figures likely only represent a small fraction of the number of checks actually being stolen and sold. We focused on only 60 markets, when in fact there are thousands currently active.
In dollar amounts, we found that the face value of the checks, as written, was $11.6 million in all of October and $10.2 million in September. But again, these values likely represent a small share of the actual amount of money being stolen from victims because criminals often rewrite the checks for much higher amounts.
Using the victims addresses, which appeared on the left top corner of the checks, and focusing on the data we collected in the month of October 2021, we found New York, Florida, Texas and California were the top sources.
The best advice I can give consumers who want to avoid falling victim to these schemes is to avoid mailing checks, if you can.
Bank checking accounts usually offer customers the option to send money electronically, whether to a friend or a company, for free. And there are many apps and other services that allow you to make digital payments from bank accounts or via credit card. While there are risks with these methods as well, in general they are a lot safer than writing a check and sending it in the mail.
Still, some types of businesses may require a physical check for payment, such as landlords, utilities and insurance companies. Moreover, as a matter of personal preference, some people – myself included – prefer to pay their bills using checks rather than other methods of payment.
To avoid the risk, I make sure to drop off all my letters containing checks inside my local post office. That’s generally your best bet for keeping them out of the hands of criminals and ensuring they reach their intended destination.
As for enforcement, the inspection service works with the police and others to crack down on mail-related crime. These efforts result in the arrest of thousands of mail and packages thieves every year. However, for every arrest, there are many more criminals who go undetected.
And when we informed officials of our findings, they were also surprised by what we discovered but planned to step up monitoring of these types of black market communication channels.
Our research suggests much more systematic data on this type of fraud is needed in order to better understand how it works, crack down on the activity and prevent it from occurring in the first place.
Coffee or Die is Black Rifle Coffee Company’s online lifestyle magazine. Launched in June 2018, the magazine covers a variety of topics that generally focus on the people, places, or things that are interesting, entertaining, or informative to America’s coffee drinkers — often going to dangerous or austere locations to report those stories.
Biden will award the Medal of Honor to a Vietnam War Army helicopter pilot who risked his life to save a reconnaissance team from almost certain death.
Ever wonder how much Jack Mandaville would f*ck sh*t up if he went back in time? The American Revolution didn't even see him coming.
A nearly 200-year-old West Point time capsule that at first appeared to yield little more than dust contains hidden treasure, the US Military Academy said.
Since the 1920s, a low-tech tabletop replica of an aircraft carrier’s flight deck has been an essential tool in coordinating air operations.
For nearly as long as the Army-Navy football rivalry, the academies’ hoofed mascots have stared each other down from the sidelines. Here are their stories.
Zelenskyy said on his Telegram channel the weapon was produced by Ukraine’s Ministry of Strategic Industries but gave no other details.
South Korea’s Joint Chiefs of Staff said in a statement that the launch occurred Wednesday but gave no further details, such as how far the missile flew.