Massive cheque counterfeiting botnet ring uncovered

Massive cheque counterfeiting botnet ring uncovered

Security outfit SecureWorks has uncovered a sophisticated cheque counterfeiting operation that deploys a network of botnets, malware and moneymules to steal, print and cash millions of dollars worth of bogus cheques.

The Russian-based gang uses the botnet architecture to scan the Web for weaknesses in cheque archiving and verifications services, sniffing out previously-cashed cheque images stored online. The same botnet is also used to scrape online job sites for money mule recruitment purposes.

The scammers use stolen credit card data to print up replica cheques and pay for shipment to the money mules who take a percentage in return for forwarding the cash to bank accounts in Russia.

SecureWorks believes the scam has been in operation since at least June 2009, during which time the gang has printed over 3000 cheques with an estimated value of about $9 million.

Presenting the results of the investigation at the Black Hat security conference in Las Vegas, SecureWorks director of malware research Joe Stewart says the scheme is essentially an old school cheque-kiting fraud brought bang up-to-date with modern technology.

More details of the scheme are presented in a blog on the SecureWorks site.

Stewart says: "One thing a business can do to ensure that counterfeit cheques will not present risk to their account is to get a service from the bank called "Positive Pay". This system allows the account holder to verify each cheque transaction presented matches a known payment before the bank processes it. If the account holder is diligent in reviewing the daily transactions, this system should help prevent them from losing money due to counterfeit cheques."

Comments: (2)

Rein Geerdes
Rein Geerdes - Unisys - Villeneuve-Loubet 29 July, 2010, 14:31Be the first to give this comment the thumbs up 0 likes

"Positive Pay" is indeed one of the methods to detect cheque counterfeiting but there are many more like detection of copied images of cheques and/or the  copy of signatures, reduction of the "fraud window" by branch capture and centralised processing which allows for early detection, use of user profiles, various checks on cheque numbers, dates etc in the processing of cheques both at the beneficiary as paying bank end. Various other methods could be used as watermark, electronic signatures on images, special paper etc.

A holistic view on fraud with (paper based) payment instruments is required to really combat fraud.

Rein Geerdes, Business Development Manager Payments at Unisys

A Finextra member
A Finextra member 30 July, 2010, 10:24Be the first to give this comment the thumbs up 0 likes

Or could it just be another pointer that the days of the cheque as a primary payment instrument are numbered ?