Black Market Chat Rooms: A New Source for Check Fraud
- A special research team has been closely studying fraud
- Check fraud can lead to cybercrimes such as identity theft
- Check fraud is growing and supported by an "underground" structure
Many of us in the banking industry rely heavily on check fraud data from various industry sources such as the American Bankers Association (ABA), Association of Financial Professionals (AFP), and various banks or other industry third parties. These are not the only sources of valuable information on the rise of check fraud.
Dr. David Maimon is the founder and and director of Georgia State University’s Evidence Based Cybersecurity Research Group, which has been created to learn what works and what doesn’t in preventing cybercrime.
Cybersecurity Research Leads to Non-Cyber Discovery
In an article in MarketWatch, Dr. Maimon describes how his team performs their comprehensive surveillance:
"For the past two years, we’ve been surveilling 60 black-market communication channels on the internet to learn more about the online-fraud ecosystem and gather data on it in a systematic way in order to spot trends."
Through the teams research, they made a non-cyber discovery that, while common knowledge for in the banking industry, shocked the researchers:
"One thing we didn’t expect to see was a surge in purloined checks."
Dr. Maimon goes on to explain how check fraud is perpetrated and how it can lead to cybercrimes:
"Criminals are increasingly targeting U.S. Postal Service and personal mailboxes to pilfer filled-out checks and sell them over the internet using social media platforms. The buyers then alter the payee and amount listed on the checks to rob victims’ bank accounts of thousands of dollars. While the banks themselves typically bear the financial burden and reimburse targeted accounts, criminals can use the checks to steal victims’ identities, which can have severe consequences."
"Thieves may deposit or cash the checks themselves or sell them on to others via a marketplace of illicit items, such as fake IDs and credit cards. Prices are typically $175 for personal checks and $250 for business ones – payable in bitcoin – but always negotiable and cheaper in bulk, based on our observations and direct interactions with the sellers."
"In some cases we believe criminals are using the checks to steal the victim’s identity by using their name and address to manufacture fake driver’s licenses, passports and other legal documents. Upon taking over someone’s identity, a criminal may use it to submit false applications for loans and credit cards, access the victim’s bank accounts and engage in other types of online fraud.
But how does research in cybercrime link to check fraud -- which typically deals with physically stealing and altering paper checks?
Black-Market Chat Rooms
Not content to gather merely "surface-level" information, the group went "deep dive":
"To better understand how cybercriminals operate, my team of graduate students began monitoring 60 online chat-room channels where we knew people were trafficking in fraudulent documents. Examples of these types of channels are group chats on messaging apps like WhatsApp, ICQ and Telegram, in which users post pictures of items they wish to sell. Some of the channels we are monitoring are public, while others required an invitation, which we managed to procure."
"After we noticed a rise in stolen checks on sale, we began systematically gathering data from those channels about six months ago in order to track the trend. We downloaded the images, coded them and then aggregated the data so we could spot trends in what was being sold."
"In our observations, we came across an average of 1,325 stolen checks being sold every week in October 2021, up from 634 per week in September and 409 in August. Although little historical data on this practice exists, a one-week pilot study we conducted in October 2020 places these numbers in some perspective. Back then, we observed only 158 stolen checks during that period."
"Furthermore, these figures likely only represent a small fraction of the number of checks actually being stolen and sold. We focused on only 60 markets, when in fact there are thousands currently active."
While the sample size is small and contains little historical data, the Georgia State University’s Evidence Based Cybersecurity Research Group is providing the industry with not only a new data source for check fraud, but also uncovering one of the many ways fraudsters are leveraging black-market communication channels to commit check and cyber fraud. It should also be noted that the group was only monitoring 60 channels when there are currently thousands of channels active -- which drives the numbers up exponentially.
It is important for banks to take a proactive approach to fraud in all its channels. When looking at check fraud, image forensic AI is available to stop fraudsters from stealing funds, but banks need to guide their customers on next steps to ensure their identities remain safe. As seen in the article above, these customers face identity theft as the fraudsters already have essential information to open new accounts, credit cards, or apply for mortgages and loans. Having customers monitor their credit reports as well as subscribing to a identity protection service will help ensure their identities are safe.