Nearly 20,000 Stolen Checks Worth Over $485M Found on Telegram
- Telegram is a bountiful resource for check scammers
- 20,000 checks were catalogued, sourced from nearly 2,000 different US banks and credit unions
- Government checks make up 22.6% of the total
In order to commit check fraud, the first step for a fraudster is simple: obtaining a legitimate check. Sure, a fraudster can purchase blank check stock, but they still need to obtain the routing and account numbers to print onto the check stock. This is why the majority of stolen checks are obtained via USPS mail.
But, how many stolen checks are available for purchase on the dark web. Well, Dr. David Maimon -- now SentiLink's Head of Fraud Insights -- recently took a "deep-dive" into some of the "darker" Telegram channels.
As SentiLink's Head of Fraud Insights, part of my job is keeping an eye on darkweb markets, seedy Telegram channels, and other corners of the internet where we find the supply side for much of the fraud that SentiLink detects for our partners later down the line.
Recently, we began monitoring a select group of Telegram channels that are frequently used for check fraud and cataloging the stolen checks we find there. In just the past few months, we've cataloged nearly 20,000 checks, sourced from nearly 2,000 different US banks and credit unions, totaling more than $485 million in potentially-stolen funds.
Incredibly, Mr. Maimon and his team were able to catalog 18,030 checks shared across 53 different Telegram channels -- and, he notes, that's just from May 5, 2024 to mid-October.
Most of the stolen checks (63%) involve businesses; either business-to-business or business-to-individual transactions. Government checks, especially from the IRS, make up 22.6% of the total.
31 different financial institutions have had at least $1M worth of checks shared. In total, fraudsters have shared at least $10M in checks from four of the top five US banks.
More than Check Fraud
Stolen check details can be used by fraudsters for check washing, counterfeiting and cooking, identity theft, and ACH fraud. By their very nature, Mr. Maimon reports, they contain and reveal a lot of valuable information:
- The payor's name
- (Typically) the payor's address and phone number
- The payor's signature
- The payor's bank
- The payor's routing and account numbers
- The payee's name
- (Often) the payee's address and phone number
Fraudsters are not looking for just a quick score. With all this valuable information, the fraudster can perform a variety of different scams and schemes to not only extract funds, but also open fraudulent loans and other nefarious activities.
Collaboration Needed to Stop Fraudsters
In order to stop fraudsters, financial institutions need to work together -- which meams Internal collaboration with the front line staff, fraud department, and AML/BSA is crucial to effectively stop fraudsters.
Oftentimes each department utilizes different technologies instead of having key technologies available to all -- or at least access to case management systems with which to review all transactional data and fraud results. Technologies should be feeding data and results into the case management system, including:
- Behavioral/transaction analytics
- Image forensic AI
- Consortium data
- Dark web monitoring
If fraud is identified -- whether from a stolen check or other activity -- the account holder should be notified and provided steps to protect themselves. This includes freezing the account, changing the account information, and even identity monitoring. Following these steps will not only protect the bank and its customers, but also boost the bank's reputation.