Fraudsters attempt to steal paper checks from mailboxes, "washing" them with nail polish remover and filling in new amounts and payees, causing victims and their banks, which usually foot the bill, to suffer indefinitely.
The black market for "glass" — pilfered checks sold online with the assurance that they will clear at the bank — is becoming more widespread and sophisticated.
Criminals are diversifying into the sale of stolen account numbers and identity theft, as well as the "arrow keys" used by mail carriers to open multiple boxes.
Following the theft of the checks, a large amount of mail, including mail-in voter ballots, is dumped. Thieves either "fish" letters out of the mail slot or rob postal workers of their mail and arrow keys.
"We see [sellers] offering $1,000 to $7,000 a key, depending on the number of mailboxes in the ZIP code," states David Maimon, a cybercrime expert at Georgia State University who has been tracking the surge.
As per Maimon, personal checks now "go up to $250" apiece, up from $125 to $175 previously this year. Washed business checks can now fetch up to $650, up from $250.
"It's gone berserk," says Frank McKenna, a banking fraud consultant who traces the phenomenon back to the pandemic-era surge in stolen stimulus checks and unemployment benefits.
Maimon's Evidence-Based Cybersecurity Research Group has been monitoring 60 black-market communication channels to study the online fraud ecosystem for more than two years. He claims that most illegal activity occurs on Telegram, though how-to videos on check-washing can also be found on YouTube.
While California, New York, New Jersey, and Florida are among the most affected, Maimon tells Axios that "we're seeing this spreading to distant states." And the data sold with a check has changed significantly: fraudsters now offer the check-Social writer's Security number as well as account balances obtained from the dark web.
"We're talking about a very sophisticated supply chain at this point. It's just mind-boggling how things have evolved."The United States Postal Service has placed warning signs on blue mailboxes, advising people to use online bill pay or bring their letters to a post office," he further added.
Because checks written in indelible ink cannot be washed, gel pens are marketed as "fraud prevention." Congress recently held a hearing on "rampant" mail theft, the scope of which is unknown. Banks are staffing up in check processing to combat fraud while blaming staffing cuts at the US Postal Inspection Service, the USPS' law enforcement arm.
"Check fraud has become so widespread due to brazen criminality and mail theft that many banks are struggling to collect on bad checks from other banks," the American Banker reports." Though fraud losses are skyrocketing at all banks, small banks appear to be bearing the brunt of check fraud," the news site said.
"Banks typically reimburse their customers when a fraudulent or stolen check gets posted against their account, but getting repaid for a bad check has become a long, drawn-out affair."
The Postal Inspection Service is on the hot seat over the issue. The Postal Inspection Service, for its part, claims that it has made "significant security enhancements" to mailboxes and that postal inspectors made 1,511 arrests for mail theft in 2021, with 1,263 convictions.
"It's really frustrating that banks are being held liable because the Postal Service can't secure the mail," says Paul Benda, senior vice president for operational risk and cybersecurity at the American Bankers Association." These numbers may seem impressive at first blush, but they are not," he said in congressional testimony.
The bottom line is that "much more systematic data on this type of fraud is needed to better understand how it works, crack down on the activity, and prevent it from occurring in the first place," according to Maimon.
