Security outfit SecureWorks has uncovered a sophisticated cheque counterfeiting operation that deploys a network of botnets, malware and money mules to steal, print and cash millions of dollars' worth of bogus cheques.
The Russian-based gang uses the botnet architecture to scan the Web for weaknesses in cheque archiving and verification services, sniffing out previously-cashed cheque images stored online. The same botnet is also used to scrape online job sites for money mule recruitment purposes.
The scammers use stolen credit card data to print up replica cheques and pay for shipment to the money mules, who take a percentage in return for forwarding the cash to bank accounts in Russia.
SecureWorks believes the scam has been in operation since at least June 2009, during which time the gang has printed over 3000 cheques with an estimated value of about $9 million.
Presenting the results of the investigation at the Black Hat security conference in Las Vegas, SecureWorks director of malware research Joe Stewart says the scheme is essentially an old school cheque-kiting fraud brought bang up-to-date with modern technology.
More details of the scheme are presented in a blog on the SecureWorks site.
Stewart says: "One thing a business can do to ensure that counterfeit cheques will not present risk to their account is to get a service from the bank called 'Positive Pay'. This system allows the account holder to verify each cheque transaction presented matches a known payment before the bank processes it. If the account holder is diligent in reviewing the daily transactions, this system should help prevent them from losing money due to counterfeit cheques."