Recorded Future Report Analyzes 700 Telegram Channels for Stolen Checks
- Recording Future monitors 700 Telegram Channels for Stolen Checks in H1 2024
- 85% of stolen checks are likely "reposts"
- High concentrations of stolen checks are in metropolitan areas
Telegram is a major communication channel leveraged by criminals due to its encryption and anonymity. This makes it an attractive method for selling stolen checks. Previously, we outlined research from Dr. David Maimon and the Georgia State Evidence-based Cybersecurity Research Group at Georgia State University where they monitored over 80+ different Telegram channels and dark web markets for stolen checks -- yielding an average of 9000+ stolen checks sold per month.
In a new report from Recorded Future, their Payment Fraud Intelligence takes a deeper dive into Telegram and stolen checks, analyzing 700 Telegram channels in H1 of 2024.
Significant trends noted in the report include:
- Rampant Reposting on Telegram: The analysis reveals that 85% of check images shared on Telegram are reposts, indicating a chaotic landscape where checks are frequently advertised across multiple channels. This trend not only complicates the identification process for financial institutions but also highlights the organized nature of these fraud networks.
- Swift Sharing of Stolen Checks: Approximately 50% of stolen check images are posted within eight days of theft, emphasizing the speed at which stolen information circulates among cybercriminals. This quick turnaround time demands equally swift responses from affected parties to mitigate potential damages.
- Geographic Patterns Offer Insights: While check fraud impacts all 50 states, the Eastern Seaboard shows a particularly high density of incidents. Check data trends in metropolitan areas like New York City and Baton Rouge illustrate how many threat groups are likely conducting mail theft-related check fraud.
Mapping Stolen Check Hotspots
In addition to key findings described above, the report provides a geographical map showing regional density of stolen checks. While major metropolitan areas are at high-risk, stolen checks can come from any area.
Record Future takes deeper dives into New York City and the Baton Rouge/St. Landry Parish area in Louisiana.
The New York City research revealed that the types of checks stolen checks varied across multiple ZIP codes, "indicating that numerous threat groups are likely operating across the city."
In Baton Rouge/St. Landry Parish in Louisiana, however, there was a high concentration of US Treasury checks in March/April of 2024 (tax season).
The Future of Check Fraud
Record Future's sentiment is one with which we whole-heartedly agree:
Ultimately, check fraud’s documented rise in the face of declining check usage makes it unrealistic to expect that declining check usage alone will solve the problem of check deposit fraud in the short term ... we have no evidence to suggest that the key factors enabling check fraud — including insider threats, unmonitored mail drop boxes, commercially available solvents for “washing” checks, and willing money mules to deposit stolen checks — will disappear any time soon."
Simply put, the decline in checks will not lead to lowering check fraud.
Record Future notes that the only way for financial institutions to curb check fraud is to deploy improved check verification and anti-fraud processes. There are various complementary technologies that work harmoniously with one another to create a strong check fraud detection defense. These include transactional/behavioral analytics, image forensic AI, consortium data, and dark web monitoring. The onus is on each FI to deploy these technologies into their workflow to reduce losses.