Job seekers aided in $9 million check fraud operation
At DEF CON, an annual hacker convention in Las Vegas, information security firm SecureWorks pulled back the curtain on a check fraud operation that is believed to have stolen over $9 million through counterfeit checks. The criminals behind the fraud used malware, a network of compromised computers, off the shelf check printing tools and unsuspecting job seekers to wire millions to Russia during the past year.
Rather than relying on check Kiting, which Frank Abagnale Jr. played by Leonardo DiCaprio did in Catch Me If You Can, these criminals took advantage of a security issue that allowed them to download copies of scanned check images. From there the criminals printed counterfeit checks which they then passed off to “money mules” to be cashed and wired overseas.
In this case, the money mules, were job seekers who were looking for an on the level job but as Elizabeth Clarke, vice president of corporate communications for SecureWorks, told eWEEK, ”People caught on when they got the second set of instructions that says, ‘OK, now you are going to send the money to St. Petersburg in this amount.’”
SecureWorks analyzed a database that the criminals left in a public location and found the personal information for close to 3,000 job seekers who believed that they were applying for legitimate jobs. In a tough economy, the desire to land a job can lead job seekers to respond to job ads and take steps they wouldn’t otherwise give a second thought, which the criminals capitalized on in order to keep themselves out of the physical act of cashing a bad check and wiring the money overseas.
SecureWorks has recommended that banks switch to a Positive Pay system that matches the information on the check with actual checks issued by the company to help prevent this kind of fraud, but job seekers should also be prepared to take a step back from job offers that require them to cash a check and wire the money to another person to decide whether or not the job offer is legitimate.