On February 27, 2023, FinCEN issued (in close collaboration with the United States Postal Inspection Service) an Alert on Nationwide Surge in Mail Theft-Related Check Fraud Schemes Targeting the U.S. Mail. Despite the declining use of checks in the United States, Criminals have been increasingly targeting the U.S. Mail and United States Postal Service mail carriers since the COVID-19 pandemic to commit check fraud. The purpose of the Alert is to give a “heads up” to financial institutions to be vigilant in identifying and reporting check fraud activity, to ensure that SARs filed by financial institutions appropriately identify and report suspected check fraud schemes that may be linked to mail theft in the United States and provide 10 financial Red Flags.
What is mail theft-related check fraud?
The fraudulent negotiation of checks stolen from the U.S. Mail. Fraud, including check fraud, is the largest source of illicit proceeds in the United States and represents one of the most significant money laundering threats to the United States, as highlighted in the U.S. Department of the Treasury’s most recent National Money Laundering Risk Assessment and National Strategy for Combatting Terrorist and other Illicit Financing. The Alert states that criminals committing mail theft-related check fraud generally target the U.S. Mail in order to steal personal checks, business checks, tax refund checks, and checks related to government assistance programs, such as Social Security payments and unemployment benefits. Criminals will generally steal all types of checks in the U.S. Mail as part of a mail theft scheme, but business checks may be more valuable because business accounts are often well-funded and it may take longer for the victim to notice the fraud.
Who commits the check fraud?
Mail theft-related check fraud is increasingly committed by non-USPS employees, ranging from individual fraudsters to organized criminal groups comprised of the organizers of the criminal scheme, recruiters, check washers, and money mules.
What is Check Washing?
Check washing involves the use of chemicals to remove the original ink on a check to replace the payee and often the dollar amount. Fraudsters may also copy and print multiple washed checks for future use or to sell to third-party criminals.
Who is a Money Mule?
A money mule is a person (whether witting or unwitting) who transfers or moves illicit funds at the direction of or on behalf of another.
How is check fraud committed by the criminals? They:
- Target USPS blue collection boxes, unsecured residential mailboxes, and privately owned cluster box units at apartment complexes, planned neighborhoods, and high-density commercial buildings.
- Force entry or the use of makeshift fishing devices, and increasingly involves the use of authentic or counterfeit USPS master keys, known as Arrow Keys. Arrow Keys open USPS blue collection boxes and cluster box units within a geographic area, and a number of recent cases involve organized criminals violently targeting USPS mail carriers with the intent of stealing Arrow Keys.
- Obtain Arrow keys from corrupt Postal Service employees who unlawfully provide them to facilitate mail theft. Illicit actors may also copy and sell stolen Arrow Keys to third-party fraudsters on the dark web and through encrypted social media platforms in exchange for convertible virtual currency.
- Alter or “wash” the checks, replacing the payee information with their own or fraudulent identities or with business accounts that the criminals control. During check washing, these illicit actors also often increase the dollar amount on the check, sometimes by hundreds or thousands of dollars. Washed checks may also be copied, printed, and sold to third-party fraudsters on the dark web and encrypted social media platforms in exchange for convertible virtual currency. In some cases, victim checks are also counterfeited using routing and account information from the original, stolen check. Illicit actors may cash or deposit checks in person at financial institutions, through automated teller machines (ATMs), or via remote deposit into accounts they control, and which they often open specifically for the check fraud schemes.
- Rely on money mules and their pre-existing accounts to deposit fraudulent checks. Once the checks are deposited, the illicit actors often rapidly withdraw the funds through ATMs or wire them to other accounts that they control to further disguise their ill-gotten gains.
- Use personal identifiable information found in the stolen mail for future fraud schemes such as credit card fraud or credit account fraud.
10 Red flags to help financial institutions detect, prevent, and report suspicious activity connected to mail theft-related check fraud
- Non-characteristic large withdrawals on a customer’s account via check to a new payee.
- Customer complains of a check or checks stolen from the mail and then deposited into an unknown account.
- Customer complains that a check they mailed was never received by the intended recipient.
- Checks used to withdraw funds from a customer’s account appear to be of a noticeably different check stock than check stock used by the issuing bank and check stock used for known, legitimate transactions.
- Existing customer with no history of check deposits has new sudden check deposits and withdrawal or transfer of funds.
- Non-characteristic, sudden, abnormal deposit of checks, often electronically, followed by rapid withdrawal or transfer of funds.
- Examination of suspect checks reveals faded handwriting underneath darker handwriting, giving the appearance that the original handwriting has been overwritten.
- Suspect accounts may have indicators of other suspicious activity, such as pandemic-related fraud.
- New customer opens an account that is seemingly used only for the deposit of checks followed by frequent withdrawals and transfer of funds.
- A non-customer that is attempting to cash a large check or multiple large checks in-person and, when questioned by the financial institution, provides an explanation that is suspicious or potentially indicative of money mule activity.
Financial Institutions need to follow their BSA requirements
“A financial institution is required to file a SAR if it knows, suspects, or has reason to suspect a transaction conducted or attempted by, at, or through the financial institution involves funds derived from illegal activity; is intended or conducted to disguise funds derived from illegal activity; is designed to evade regulations promulgated under the BSA; lacks a business or apparent lawful purpose; or involves the use of the financial institution to facilitate criminal activity.”
Who is your Corporate Governance Expert? ©