Researchers from the security firm Trusteer have come across a scam, advertised on underground forums, that represents a perfect combination between the classic check fraud and the malicious operations performed by cybercriminals.
Basically, the seller offers high-quality false bank checks on which any information can be printed. For a mere $5 (3.8 EUR) the fraudster that runs the operation can print any banking credentials the buyer wants.
If the buyer doesn’t possess the data, the seller has his own sets of stolen credentials, but the price increases in this case to $50 (38 EUR) per check.
The fields printed on the phony checks include name, address, phone number, bank account, routing code and check number.
To obtain this information, profit-driven hackers rely on pieces of malware and phishing scams which help them find out the victim’s online banking credentials.
Since financial institutions provide scanned versions of checks, if the crooks gain access to the online banking platform they can retrieve all the information they need.
The individual that sells the checks recommends that his customers use them to make purchases in retail stores, instead of trying to cash them. Buyers are also advised to carry IDs that match the ones on the falsified checks. For the right price, the counterfeiter can also provide the identification documents.
“This is the latest example of the how criminals can use malware and phishing techniques to make traditional physical fraud schemes more effective,” Trusteer’s Amit Klein wrote.
“This ‘cross-channel’ approach is helping fraudsters stay one step ahead of even the most sophisticated fraud detection systems deployed online and in the brick and mortar world. It is also creating a new generation of Frank Abagnale’s that are not even required to come up with their own fraud scams.”