from blackhat – check fraud on an industrial scale

Make money as a payment processor! (Not)

A security researcher speaking at the recent Black Hat conference in Las Vegas described a new, sophisticated and automated approach to check fraud which allowed one or more people in Russia to dupe (not very bright) online job seekers into wiring money to them.

Here’s how they did it:

First, they got access to images of checks which had been processed by lockbox services, which receive and process checks for vendors.  In some cases, they got malware on to machines used to process the checks and siphoned out the images over an encrypted VPN connection.  Other check images were gathered via hacking vulnerable web sites which sat in front of check image databases.

Using off the shelf software, they used the purloined images to print counterfeit checks with real company names and account numbers.  Each counterfeit check was made out for $3000 or less, to avoid procedures applied to larger denomination checks.

Next, the group posted “job offers” and scraped web sites to develop an email list of potential “money mules” who were then spammed with emails offering them with “jobs” as “payment processors” for legitimate sounding (if you are an idiot) firms.  Those who took the bait were sent checks and instructed to deposit them into their bank accounts and wire a portion of the funds to Russia.  Of course, once the bank caught on to the fact that the check was a fake, the “payment processor” was on the hook for the full amount of the check and the Russian gang had made a tidy profit from the wired cash.

These guys were thorough – they even mailed the checks to the victims via phony accounts with an overnight shipping firm, bilking the delivery compay out of $65,000 in services.

It is amazing to me that anyone still falls for these kinds of scams.  Yes, we all wish that we could make money from home by simply depositing checks and wiring funds, but you really have to be a bit dim to think that this is a legitimate business proposition.  I guess there will always be an abundant supply of stupidity for fraudsters to tap with ever increasing cleverness and sophistication.


You can find out more about check fraud as well as how to protect your accounts from this informative booklet offered by the US Comptroller of the Currency.

Leave a Reply