Protecting Your Pots of Gold

The first few minutes of 2022, I felt anything but lucky! It was right before the countdown to 2022 and while everyone around me was celebrating preparing for a new year (hopefully the end of Covid and other great things), I was on the phone with the fraud department at my bank.

I was looking over expenses in my bank and I noticed a check that was taken from my account that didn’t look quite right. It seemed like it could have been a legitimate transaction, except – it was one we didn’t make! In fact, a scanned copy of the check showed that it was almost identical to my real checks with just a slight change in the spelling of my name. Someone had created a counterfeit of our checks, forged a signature and successfully used it! Yes, cashed in and all! My pot of gold, gone.

With our little use of checks, four checks written from that account in 2021 and two of them written to ourselves, I have no real idea how they got a copy of ours to duplicate it. I was shocked!! After some research, I learned there was a market on the darkweb for check info. With a copy of a check anyone can duplicate and cash in, steal your identity and more.

We can only assume that one of the 2 companies we wrote the checks to in Hawaii, sold my details to someone in California and cashed it at a Wells Fargo bank. The most terrifying part of this, is the bridge that crosses old school theft into financial cyber crime and identity theft. Unfortunately, criminals will stop at nothing to steal your gold no matter where you’ve stored it, or how you spend it.

Reported cases of situations like ours, show that in addition to changing payee and amounts of checks, criminals are selling a copy of your check for a few hundred dollars on the black market. Buyers are then using the checks to steal the victim’s identity by using their name and address to manufacture fake driver’s licenses, passports and other legal documents. They can also use this information to boost their phishing attempts to you and your employees by having a large amount of accurate data to present to create a false sense of security.

We talk a lot about phishing attacks, emails being used to gain information to steal financial accounts, credit cards, and other payment card information. We think it’s incredibly important to have all your employees trained routinely on current tactics and attempts criminals are using to steal your data and money. A ransomware attack alone can cost businesses hundreds of thousands of dollars to recover, let alone a ransomware attack coupled with financial fraud.

While there’s little to do to prevent the physical fraud (other than to avoid sending checks), here are a few things to keep in mind.

  1. Protect checks that you give out and the checks that come to you. Only have a minimum number of people handle
  2. If you use remote deposit, shred checks after 2
  3. Have checks and balances, double check every check that comes out of each and every one of your accounts.

Stay safe out there, and remember, you create your own luck!

Chuck Lerch