The volume of
The
In a report to be released Thursday, a Boston cybersecurity firm has found that nearly one million stolen check images were posted on Telegram in the first half of the year. The stolen check images were posted on more than 700 Telegram sources and tended to get reposted up to six times, a signal that check fraud is ubiquitous on Telegram, an encrypted messaging service whose users are difficult to track, experts said.
"That's the dilemma for banks," said Noah Nguyen, senior threat intelligence analyst at Recorded Future, who co-authored the report. "Telegram is this salient source of check data and it's difficult to take action at the volume and the scale — tracking one million checks — in a way that doesn't completely drain their budgets and resources."
Unlike other messaging apps,
Telegram has played a key role in facilitating the sale of stolen checks and mail fraud. The app is used to advertise the sale of U.S. Postal Service universal arrow keys that criminals have been stealing and selling to unlock blue USPS mailboxes from Maine to California.
"Telegram has three roles in facilitating fraud," said Haywood Talcove, CEO of LexisNexis Risk Solutions' Government group. "They are advertising the universal USPS arrow keys, they are selling stolen checks online, and they are teaching people how to actually wash a check, which is really easy."
"Mail fraud is a huge part of it because what people don't understand about criminals is they'll do what is the easiest thing to do," said Talcove, who added that fraud is, in his opinion, one of the biggest threats to national security.
Bankers are cognizant that criminals are using apps like Telegram and FraudGPT. But bankers have little control over the spread of stolen checks, or their images and consumer data that is being sold through encrypted sites.
"I'm not aware of anything our bank can do to combat the illicit use of 'secure' apps," said Steven Gonzalo, president and CEO of $1.6 billion-asset American Commercial Bank & Trust in Ottawa, Illinois.
Check fraud caused $21 billion in losses to banks globally last year and ranked as the second-highest source of fraud perpetrated against banks — second only to payments fraud — according to
"Telegram [and] TikTok have created a fraudster training ground where anyone can learn how to manipulate a check," said Kerry Cantley, vice president of digital banking strategy at Mitek Systems, a San Diego digital identity and fraud prevention firm. Mitek's remote deposit software is used by most banks.
Mitek is trying to educate customers about the need to integrate check-fraud technology into deposit channels that provide the depository bank with the information they need to determine the fraud risk. This can be done while the check is being deposited, protecting both customers and banks from potential losses. But banks are in a Catch-22 when it comes to check-fraud technology: Many banks are using old legacy systems and don't want to invest any more in them, while at the same time they are trying to invest heavily in real-time payments technology, which they see as the wave of the future.
"Check fraud is in the top tier now when you think about how much banks are losing in the multi-billion-dollar fraud industry," said Cantley, adding that "banks can't move fast enough" to combat the fraud.
"A bank may not know about the fraud until the money's gone," she said, describing how Mitek is able to compare check images at the point of capture and give each check a risk score, giving banks more information to determine whether to put a suspicious check on hold.
Though big cities have the highest concentrations of stolen checks, the Recorded Future report analyzed geodata on Telegram to identify "hot spots" where check fraud originated. New York City had the highest number of stolen checks, indicating a large number of "threat groups" operating across the city, the report found.
The report also did a case study of Baton Rouge and neighboring St. Landry Parish in Louisiana, which had a spike in thefts of Treasury checks during tax season, indicating a high number of local fraud groups.
Many consumers still write checks, typically to pay rent or utilities, and banks have been loath to tell customers not to use checks. Though
Gonzalo, whose bank is located 90 miles from Chicago, said that criminals are targeting rural banks in an effort to evade banks' efforts to crack down on fraudulent checks.
"Apparently fraudsters are realizing it's easier to conduct this kind of fraud at rural bank branches and are driving up to three hours to open fraudulent accounts in person," Gonzalo said.