Illustration: Shoshana Gordon/Axios
Thieves are stealing paper checks from mailboxes, “washing” them with nail polish remover, and filling in new amounts and payees — causing endless grief for victims and their banks, which typically foot the bill.
Driving the news: The black market for “glass” — pilfered checks sold online, with a guarantee they’ll clear at the bank — is growing more widespread and sophisticated.
- Criminals are branching into stolen account numbers and identity theft, and selling the “arrow keys” mail carriers use to open multiple boxes.
- Lots of mail — including mail-in voter ballots — is getting dumped after thieves cull out the checks.
How it works: Thieves either “fish” letters out through the mail slot or — more commonly now — rob postal workers for their mail and arrow keys.
- “We see [sellers] offering $1,000 to $7,000 a key, depending on the amount of mailboxes in the ZIP code,” says David Maimon, a cybercrime expert at Georgia State University who has been tracking the surge.
- Personal checks “now go for up to $250” apiece — up from $125 to $175 earlier this year, Maimon tells Axios. Washed business checks now sell for as much as $650, up from $250.
What they’re saying: “It’s gone berserk,” says Frank McKenna, a fraud consultant to the banking industry, who traces the phenomenon to the pandemic-era boom in stolen stimulus checks and unemployment benefits.
- For more than two years, Maimon’s Evidence-Based Cybersecurity Research Group has been surveilling 60 black-market communication channels to study the online fraud ecosystem.
- The most illicit activity takes place on Telegram, he said — though how-to videos on check-washing can also be found on YouTube.
- While California, New York, New Jersey and Florida are among the biggest hotbeds, “we’re seeing this spreading to distant states,” Maimon tells Axios.
And the information being sold with a check has evolved considerably: Fraudsters now offer the check-writer’s Social Security number and account balances, obtained from the dark web.
- “We’re talking about a very sophisticated supply chain at this point,” Maimon says. “It’s just mind-boggling how things have evolved.”
Counteroffensive: The U.S. Postal Service has been putting warning signs on blue mailboxes, telling people to use online bill pay or bring their letters to a post office.
- Gel pens are being marketed as “fraud prevention” because checks written in indelible ink can’t be washed.
- Congress recently held a hearing to address “rampant” mail theft — the extent of which isn’t fully known.
- To thwart fraud, banks are staffing up in check processing — and pointing the finger at staffing cuts at the U.S. Postal Inspection Service, the USPS’ law enforcement arm.
Of note: “Check fraud has become so widespread due to brazen criminality and mail theft that many banks are struggling to collect on bad checks from other banks,” the American Banker reports.
- “Though fraud losses are skyrocketing at all banks, small banks appear to be bearing the brunt of check fraud,” the news site said.
- “Banks typically reimburse their customers when a fraudulent or stolen check gets posted against their account, but getting repaid for a bad check has become a long, drawn-out affair.”
Between the lines: The Postal Inspection Service is on the hot seat over the issue.
- “It’s really frustrating that banks are being held liable because the Postal Service can’t secure the mail,” says Paul Benda, senior vice president for operational risk and cybersecurity at the American Bankers Association.
- For its part, the Postal Inspection Service says it has made “significant security enhancements” to mailboxes, and touts that postal inspectors made 1,511 arrests for mail theft in 2021, with 1,263 convictions.
Yes, but: Frank Albergo, president of the Postal Police Officers Association, calls that a drop in the bucket. “These numbers may seem impressive at first blush, but they are not,” he said in congressional testimony.
The bottom line: Maimon says that “much more systematic data on this type of fraud is needed in order to better understand how it works, crack down on the activity, and prevent it from occurring in the first place.”
- “I’ve been talking about this for a year, and nothing has changed,” Maimon tells Axios. “Nothing.”