“We Infiltrated a Counterfeit Check Ring! Now What?”
- Check scammers are well organized
- A group of online fraud-fighters is helping to ID the bad guys
- FI's need to maintain cutting edge fraud detection to protect customers
What if you could see a multi-victim, megabucks scam unfold right in front of your eyes?
An online fraud fighter known as “Brianna Ware” (“B. Ware” for short - get it?) is a longtime member of a global group of volunteers who have managed to infiltrate a "cybercrime gang" that disseminates counterfeit checks tied to a dizzying number of online scams.
Brian Krebs of Krebs On Security took a look at that specific situation in a recent blog post:
For the past year, B. Ware has maintained contact with an insider from the criminal group that’s been sending daily lists of would-be victims who are to receive counterfeit checks printed using the real bank account information of legitimate companies.
“Some days we’re seeing thousands of counterfeit checks going out,” B. Ware said.
The scams used in connection with the fraudulent checks vary widely, from fake employment and “mystery shopper” schemes to those involving people who have been told they can get paid to cover their cars in advertisements (a.k.a. the “car wrap” scam).
Big Money
These are not chump-change transactions, either. This particular fraud group disseminates counterfeit checks in amounts ranging from $2,500 to $5,000. These are “advanced fee” scams, meaning that they suggest that a small payment now by the "mark" will result in a greater return later - - which, of course, never materializes.
In each scheme the goal is the same: Convince the recipient to deposit the check and then wire a portion of the amount somewhere else. A few days after the check is deposited, it gets invariably canceled by the organization whose bank account information was on the check. And then person who deposited the phony check is on the hook for the entire amount.
“Like the car wrap scam, where they send you a check for $5,000, and you agree to keep $1,000 for your first payment and send the rest back to them in exchange for the car wrap materials,” B. Ware said. “Usually the check includes a letter that says they want you to text a specific phone number to let them know you received the check. When you do that, they’ll start sending you instructions on how and where to send the money.”
While wire transfer used to be the way victims paid (and lost) their money, nowadays crooks are asking people to forward the money via mobile applications like CashApp and Venmo.
No Response From the Post Office or FedEx
About a year ago, B. Ware’s group began sharing what it was learning about the fraudsters with fraud investigators at the primary delivery mechanisms for these counterfeit checks: FedEx and the U.S. Postal Service. Krebs reports that the fraudsters, in this case, are using stolen shipping labels paid for by companies who have no idea their FedEx or USPS accounts are being used for such purposes. Unfortunately, neither company has responded with any manner of enthusiasm, if at all.
It’s so much information that they really don’t want it anymore and they’re not doing anything about it,” B. Ware said of FedEx and the USPS. “It’s almost like they’re turning a blind eye. There are so many of these checks going out each day that instead of trying to drink from the firehouse, they’re just turning their heads.”
FedEx did not respond to requests for comment. The U.S. Postal Inspection Service responded with a statement saying it “does not comment publicly on its investigative procedures and operational protocols.”
Krebs On Security also spoke to Ronnie Tokazowski, a threat researcher at Agari, a security firm that has closely tracked many of the groups behind these advanced fee schemes.
Tokazowski explained that it’s likely the group B. Ware has infiltrated is involved in many other email fraud schemes, including so-called “business email compromise” (BEC) or “CEO scams,” in which the fraudsters impersonate executives at a company in the hopes of convincing someone at the firm to wire money for payment of a non-existent invoice. According to the FBI, BEC scams netted thieves nearly $2 billion in 2020 — far more than any other type of cybercrime.
In a report released in 2019 (PDF), Agari profiled a group it dubbed “Scattered Canary” that is operating principally out of West Africa and dabbles in a dizzying array of schemes, including BEC and romance scams, FEMA and SBA loans, unemployment insurance fraud, counterfeit checks and of course money laundering.
Given the prevalence of fraud, the collaborative nature of the crimes, and the lack of significant preventative "grass roots" collaboration from major shipping organizations, banks represent the final defense against fraud. Aside from creating awareness of these fraud schemes to their customer base, it is important that banks deploy image-analysis technologies leveraging AI technologies to complement transaction-based technologies, ensuring a complete fraud detection solution. By deploying these technologies throughout the omnichannel, banks can effectively detect fraudulent items in near real-time, before funds are withdrawn and wired to the fraudsters.