Read This If You Write Checks! — Last week’s Top Story examined the crime of check washing that followed a serious car crash. Our guest author, Claire, told the story of a friend who fell victim to this fraud after dropping a hand-written check into a street corner mailbox. Fortunately, the fraud was easily confirmed and the victim’s money was returned to her bank account quickly. However, this followup story, again written by our guest author Claire, has a darker turn of events and leads us to wonder if there is ever a way we can truly protect ourselves if somebody wants to intercept our carrier-delivered payments. This is Claire’s story… On a pleasant evening very recently, my husband and I hosted a dinner party for friends who know the subject of last week’s story. I launched into my “Get a load of what happened to Alice this time” story, when I was told that she is not alone in losing money to check washing! Our friend Sally (not her real name) encountered a much more troublesome episode of this when she was expecting to receive a check in the mail that never came. What follows is Alice’s story and the problems it caused her.
Early in August 2022, a new tenant moved into a rental property that Sally owns in a metropolitan area in Central Texas. He asked if he could pay his rent by VENMO. Sally replied that she wasn’t familiar with it, didn’t trust it, and wanted to be paid by check. The man logged into his bank’s “bill pay” service and arranged the payment to be mailed to her house. But after a couple of weeks the check hadn’t arrived and so she asked the tenant about it. He saw that it had cleared his bank and then pulled the check image up in his online account to show Sally. To their shock, he found that Sally’s name had been removed from the check and instead they saw the name Claudia Iveth Cruz typed in its place. The only clue that something was “off” about the check was that Claudia’s name was in a different font and size than Sally’s address, which was typed in just beneath it.
Sally filed a police report and, armed with a police case number, was able to dispute the check with the issuing bank. From this experience we all learned that Wells Fargo and Bank of America work together in a business arrangement that enables one bank to issue the check and the other bank to process the issued check. (We couldn’t help but wonder if this somehow allowed the banks to circumvent some kind of regulatory practice that would better protect consumers.)
What was more alarming than discovering that her check was stolen, was the fact that the thief walked into a small town bank, within 50 miles of Sally’s house, and asked a bank teller to give her cash instead of depositing the check into the thief’s account already set up at that bank. In other words, there were funds already belonging to the account holder at the small bank, enough to cover the $1,300 on the stolen, washed check. The teller in that small Texas town cashed the stolen check and sent her on her merry way! Coincidentally, both this author and the victim know this small hill country town quite well, and the bank where this check was cashed.
The time and effort it took for Sally and her tenant to be reimbursed for the stolen money owed to them was mind numbing. The police report entitled her to receive a clear copy of the check from the processing bank but then came the painful procedure of the “phone pass-off game” between banks. Both banks required prolific note taking to correctly negotiate the tasks required between them to retrieve the stolen money. Sally’s tenant had to submit supporting documentation to go with an Affidavit of Check Fraud and an Affidavit of Non-Receipt, which Sally was compelled to help put together. Both Affidavits required chasing down a cooperative notary, which is not always easy. Once all hurdles were cleared, Sally could only wait, making the occasional phone call of inquiry. FINALLY, in January, five months after the check was stolen and washed, she received her rent money. The fundamental difference between Alice’s hand-written check in last week’s Top Story and the bank-generated check made out to Sally in this story is that the issuing bank had a clear record of who the check was intended for. Sally! That meant the money could go directly to her instead of being returned to the tenant. That protection is a big plus in favor of using digital bill pay.
As for the circumstances of these instances of check washing, two institutions are involved to varying degrees of innocence: the US Postal Service (from which the checks were stolen) and the FDIC insured banking system. The thieves and victims can be categorized in several ways. The person thought to be the perpetrator (e.g. Claudia Cruz or DonLanda in last week’s story) could be the criminal or an unwilling victim of identity theft, or even a victim of blackmail, just to name a few possible scenarios. Both the check writer and intended check recipient are considered to be victims. The common denominator of both week’s check washing criminals is that the checks were associated with real bank accounts opened by real human beings. Our universal experiences tell us that these banks should have security footage of both people who cashed the washed their stolen checks! Also, banks have a duty to collect certain information about an individual who opens a checking account. For example, it is our understanding that this includes a current government-issued photo ID and social security number. And the SS number MUST match the name on the ID. However, beyond that, banks are not obligated to act as detectives to determine if the account holder is actually who they claim to be. So it was in last week’s story that someone named DonLanda could open her account at First Hawaiian Bank and someone named Claudia opened her account at a small bank in Texas, with little scrutiny.
The stolen checks in both of our stories were processed within days of their issue dates. Therefore, it stands to reason that the scammer’s bank accounts sat silently lurking like spiders in webs waiting to capture a sizable “meal.”. A customer specialist that I spoke to at my bank made the point that an account opened at a bank will automatically trigger an alert with credit reporting agencies. She jokingly said that “unless a person is living under a rock, they’re going to know about the new account and where it was opened.” But it’s entirely possible that people like the real DonLanda and Claudia are themselves “cave dwellers” who are unaware that their identities were stolen and used to open bank accounts. Profiles for both of them can easily be found on Facebook but of course we all know that it’s easy to create fake profiles on social media.
So, if there is a teachable moment to these stories, for people who don’t live “off the grid”, it would be to sign up for a credit tracking company such as Credit Karma or American Automobile Association’s ProtectMyID®(if you are already a member) so you are notified immediately of any extensions of credit in your name. If you use bill pay or write checks frequently, scan your bank account just as often to catch any inconsistencies quickly. And, as we reported last week, if you do write checks you should be using ink pens that make check washing hard or impossible for criminals! Several banks and security services have reported this to be black-gel pens such as this Signo Uni-ball 207 pen from Amazon.
One of the key components of a successful scam is the unthought-through action a person is compelled to take when confronted with danger and urgency. Check washing is a scam in reverse when we consider that the urgency happens AFTER the fraud is perpetrated. If this should happen to you, be thoughtful before acting to get your money back. Collect the evidence you need, present it to the proper authorities and remember to be kind to everyone involved in helping to fix the situation. They didn’t intentionally cause your loss and where the bank is concerned, they are as much a victim as the parties that should have been the sender and receiver of the pilfered check.
Are You Exhausted by Repeated Threats? — We hope our readers understand that most of the scams that target them, their families and friends, are carried out by career criminals. Many of these criminals have perpetrated variations of the same scams over and over for years and it can feel exhausting to the public to be continually bombarded by these threats. Here are just a few simple examples. In late 2020, we learned of a fake online shipping business that tricked Americans to ship stolen merchandise (or merchandise purchased with stolen credit cards.) Because of mistakes made early in their bogus documents and websites, and other behind the scenes mistakes we prefer not to reveal, we know that this particular group of cybercriminals are native Russian-speakers. In the three years since this discovery, we’ve uncovered 79 fake websites created and used in support of this scam. How many more have we not discovered? (Changes in their site design suggests to us that there may now be two Russian-speaking criminal gangs most responsible for these scams.) Dozens of people have reported this fraud to us because they thought they were hired by a legitimate company through legitimate job posting services. But these new hires were all ghosted after 4-6 weeks and never paid a penny for their “work.” Just recently, we found two more fake shipping company businesses that were registered in the last month and using bogus websites to promote this scam:
- Pack It Simple LLC / packitsimple.com (registered on 3/27/2023)
- Platinum Shipping and Logistics (PLS Ship) / platinumshippingandlogistics.com (registered 3/10/2023) and pls-ship.com (registered 3/10/2023)
Another scam with an active and long history is the extortion threat. We first reported this in 2018. There have been tens of thousands of recipients who receive an email from an extortionist claiming that he has been spying on you through malware installed on your computer. He goes on to say that he has an embarrassing video of you “pleasuring yourself” while watching pornography, sometimes claiming that the porn is of underage boys or girls. Each of us at TDS have received dozens of these bogus threats over the years. They are all COMPLETELY FAKE. There is no malware installed, and no videos or photos collected. And yet, a small percentage of people receiving these threats believe them and pay the scammers! If these criminals TRULY had embarrassing videos/photos in their possession, why don’t they show their victims a copy to prove their point? Some of these extortion emails have claimed to be real by sending you a personal password that they say their malware has captured on your computer. But that is also a lie! Passwords are compromised all the time from sites and services across the Internet and then sold on the dark web. These scammers simply buy a list of them and send victims one of these compromised passwords they purchased, saying they collected it via their installed malware! Here are two recent extortion threats that targeted us again this past March….
Our third example of a type of scam is one that feels like it targets nearly EVERYONE EVERYDAY! It is the bogus phone calls that bombard our phones. Most of these come from cybercriminal gangs in India, but also from other criminal gangs around the world! Professional Scambaiter Rob sends us lots of phone recordings of either him or his AI Bots speaking with these scammers. Below are three recent calls. The first two are very short and he uses one of his AI Bots to play with the scammers to waste their time. We can easily identify the first two scam calls being from India by their accents. In this first brief call, the scammer pretends to offer free COVID test kits to Medicare recipients, clearly targeting elderly United States citizens!
Free covid test kit scam call
In this second short call, Rob’s AI Bot speaks to scammers who pretend to represent his Utility company. They are calling to offer a 35% discount on his utility rate. These low-life bastards will use just about any trick in the book to manipulate people into giving up their personal information or access to their devices, both of which can be monetized.
Call from Utility Co. to Lower Costs
And finally, here is a 15 minute phone call with Rob wasting the time of several scammers at a Call Center pretending to be Amazon Customer Service, calling about an order he never placed and new accounts that were opened in his name. (Also, a lie.) Most of the world orders things from Amazon! Would YOU have believed this BS? (We can’t identify the accents of these scammers, can you?) The scammer also tells Rob that multiple cards and accounts with various banks have been opened in his name. This trick is meant to raise his anxiety and keep him on the phone with the scammer, whom he is led to believe will help him remove these fraudulent accounts. The scammer then passed him to a second scammer claiming to be Fraud Officer “Marcus Smith of the “Apple Bank.” He tells Rob that more than $200,000 in fraudulent purchases have been made in his name, using several different fake bank accounts! Marcus Smith goes on to tell Rob that THREE different Federal Agencies are listening in on this call and recording it because the level of fraud is so high! This call goes from annoying to horrific! There are many subtle hints that Rob is NOT speaking to a native English speaker. For example, at one point Marcus Smith asks Rob “do you still drive for yourself?” He told us that the call went well until he forgot his phony Social Security number and gave them one that he made up on the spot. You have to understand that the scammers check the first 3 digits of a SS# to look up where you were born. It didn’t match the other information he gave them. The scammers then wondered if Rob was being honest with them so he had to call them out on their scam and end it! Oops! Enjoy!
Amazon Scam Call on April 6
We have repeatedly tried to raise awareness to our readers about how little privacy they have through their cell phones and Internet usage. Here’s just one more example! Would it surprise you to learn that a Chinese-created App is spying on you? And it isn’t Tik Tok! Check out…
iCloud Storage, Paypal, McAfee & GeekSquad — One of our readers received an email from “singapore” claiming to be a “payment processing rejection” from iCloud. This is just another smelly phishing email disguised as an expired payment method. Notice that there isn’t a single shred of information in the email that identifies the recipient or her payment method!
Lots of phishing emails pretend to represent Paypal and some actually do come from abused Paypal accounts. This one, however, did not. It came from a personal Gmail account, making it very easy to see through this fraud. Obviously the sender is not a native English speaker, as evidenced by “We’re glad on successful renewal.” Lunge for the delete key!
Cybercriminals LOVE to create phishing scams disguised as computer security companies like McAfee, Norton and others. Such was the email above and the following email. This one below came from a generic email service at USA[.]com, which is often used by foreign cybercriminals to try to add authenticity to their emails. Don’t believe this junk! When we see any email from usa[.]com, we’re automatically conditioned to be suspicious!
We’ll round out this week’s rotten phish with another bogus Geek Squad purchase. Again, if this were a REAL purchase it would include your name and other personal details, and it wouldn’t come from a personal iCloud account.
You’re a Winner! — The only reason scammers routinely send emails claiming that you’ve won a prize or some bogus marketing deal is because these emails are effective clickbait! We hope our readers would never fall for this malicious malarky. Last week we pointed out how these criminals use link-shortening services to hide their link destinations. Here’s another such email that came from a crap DOT-xyz domain and with a link to the shortening service at TinyURL. URLEX.org revealed that the shortened link will redirect victims to a malicious website called mapgodss[.]com.
It’s not too likely that you would believe in the following sweepstakes if you recognized that it came from a University email server in Malaysia! That’s where this scam originated, and not from Costco as it wants you to think. The links point to a newly registered website that is hosted in Turkey and sold by a Registrar who always appears to have NO INTEGRITY WHATSOEVER OR CARE FOR THE PUBLIC’S SAFETY! We are speaking about Namecheap, of course!
Finally we have this lovely email that appears to be from Target and offering a “fantastic prize” if you just take a moment to answer a few questions. The links in this clickbait point to a malicious domain called beehiiv[.]com. Surprisingly, this oh-so-honey-sweet domain was registered waaaay back in October of 2020.
Your Invoice and Your Domain —One of our readers received this “final invoice payment notice” but immediately recognized that it came from a server in Russia! The link to the invoice points to a website that has been recognized by FIVE security services as malicious. Step away from the ledge…
We at The Daily Scam received this message from “Susannah Mackrell” via our site’s online form to tell us that our domain name was about to expire. Wow! Did they really think this would trick us to click their malicious link? Susannah offered us a link to a service called Settle-Notice[.]com, which is odd since her email address was a free Yahoo account and not the business she mentioned. We noticed that her unsettling domain was registered about 3 weeks earlier in the Netherlands! (We apologize for the bad dad jokes. It’s genetic.) All of this gives Susannah some serious credibility problems.
$529.99 Has Been Deducted from Your Account — One of our readers sent us this screenshot she received from 431-631-7730, saying that a $529.99 order had just been deducted from “Your Account.” But no worries! If you want to refute the charge, just call these whackos at 910-493-3735!
Until next week, surf safely!
Copyright © 2023 The Daily Scam and Scamadviser. All rights reserved. You are receiving this email because you
have subscribed to it via Scamadviser.com or thedailyscam.com
Keurenplein 41, UNIT A6311 | 1069CD Amsterdam, The Netherlands