Crooks Crack Check Image Sites, Steal $9 Million

Know how when you go into your online checking account you can click on checks that you’ve written and see the scanned image of them? Well, those pictures have to be stored somewhere, and they’re not always secure. Russian crooks broke into three sites that store archival check images, stole the information, and wrote over $9 million in phony checks against over 1,200 accounts.

In order to keep the money, though, the crooks have to recruit “money mules” through online job posting sites to unwittingly launder the checks and send the thieves money from their own accounts, as we talked about recently in “Watch A Money Mule Scam Unfold.”

The security research firm that discovered the breach said that it has notified the affected sites, which have since sealed up the gaps, but the scam is still operating and targeting other image archival companies.

Hm, what’s the digital equivalent of the phrase, “hanging paper?”

Savvy fake check scam goes viral [TheSunNews] (Thanks To Robert!)

Comments

  1. digital0verdose says:

    Anyone else see this new Direct TV ad with the eastern European guy who kisses this really tiny giraffe?

    Anyone else picture him as a guy behind all this crap?

    Did I just racially profile?

  2. pecan 3.14159265 says:

    Yet another reason to avoid writing checks. I wish I could pay my rent with a credit card, but I’m not inclined to pay that $15 transaction fee.

    • adamstew says:

      Can you use your bank’s online bill payment service?

      I have Bank of America (I know, I’m a terrible consumerist) and they will let me pay ANYONE using their online bill payment service. If BoA doesn’t have an electronic transfer agreement with the person/company I’m paying then they debit my account, print off and mail a check. The check that gets sent has Bank of America’s account numbers on it and not my own account numbers. This gives me the “my bank account numbers aren’t out in the wild” protection without having to use my credit card.

      • tbax929 says:

        I tried that with my rent, which is one of the few checks I write. The problem was they sent a paper check out, but it took 5 days for the property management to receive it. And in what would come as no surprise to anyone who’s ever dealt with a property management company, they hit me with a $50 late fee, even though I printed out the online bill pay, which showed I ordered the check in plenty of time.

        So now they just get a check from me. I cannot wait to move into my house and be done with them.

        • notovny says:

          It’s for that exact reason that I typically initiate the online bill pay for rent 8-10 days before it’s due, so there’s enough time to process, generate the check, mail the check, and have the company that runs my apartment deposit the check before the due date.

          So far, that’s not bitten me.

          • meske says:

            With Wachovia/Wells Fargo billpay, the date you enter is the date the check is guaranteed to either be paid (via ACH) or arrive (if a paper check). The system knows whether it’s paper or electronic, so it will not allow you to select a “pay by” date that it can’t deliver on.

            • ben says:

              That’s the way BOA’s works too, but you can’t really “guarantee” a paper check arriving in the mail on a certain day.

        • dg says:

          Doesn’t matter how long it took them to receive it. What was the POSTMARK on the envelope? If it was prior to the due date, it was considered paid on-time.

      • PsiCop says:

        +1 on that. I’ve used BoA bill payment to send checks to companies that won’t take e-payments. Only downside is the required lead-time; it takes a couple days before they cut the check, and then it takes a couple more to get where it’s going. And yes, the check that they do send is a bank check, not the customer’s, so the customer account is never compromised.

        It’s a good option if I have the time, and it’s free … so far.

    • Beeker26 says:

      Or pop for a 49 cent money order.

  3. chefboyardee says:

    I had to read that headline like 4 times before it made sense. Apparently alliteration almost escapes me…

  4. clickable says:

    This was a hack waiting to happen.

    I find the accessibility to be very convenient, but every time I log on at my bank’s website, I’m struck by the arbitrary approach to data security. “For my protection,” the bank won’t let me see my full account number even when I am logged on to what is an ostensibly super-secure site. They only show the last four digits of each account number. But when I want to download or just view images of my bank statements and of the individual checks, all I need to do is click “Front” or “Back,” and there I have it all. Not only the full account number, not only the check number – how convenient for a potential forger to know what the next number is in the sequence! – but of course facsimiles of the signatures on the checks, and of the payees who endorse them by signing the back. And for good measure, the images can be enlarged to ten times bigger than the check – once again, making it easier for potential forgers to learn my signature.

    So either the site is secure, or it’s not. If it’s secure enough to show me images of my checks, then it’s secure enough to display my account information. And if it’s not, then don’t show images of my checks.

  5. teqjack says:

    “Know how when you go into your online checking account you can click on checks that you’ve written and see the scanned image of them?”

    Uh, no, never heard of it. I can see a one-line-per-payout list. To see an image, I either have to go to a branch or wait for a printed statement. In fact, two banks I used to deal with no longer show images at all without going through hoops. A prior commenter says he can see the BACK of the check – now that is even worse, depending on what type of “this has been processed” stamp from OTHER bank[s] is in use.

    I can see slight advantages, but why in the blinking blue blazes would a bank not only keep those [relatively] huge files online but also not restrict access?

  6. wickedpixel says:

    When I see those ads all I can think about is wanting a tiny giraffe.

  7. jenjenjen says:

    My bank lets me see three months online, and if I need anything further back I have to go in and ask. The system is so secure that the one time I needed to get old check images it took over 10 minutes to locate the one person in the branch that had the password for the image database. Hoping that person is not a crook.

  8. p. observer says:

    Dear Consumerist, I and everyone who knows the difference thank you for using “crack” instead of “hack”. It really makes my day when people get it right.

    Also, $9 million… pwned