Labs

Deposit Your Hopes Here: Remote Deposit Capture (RDC) Scams Are No Free Lunch

Also By Jeremy Owsley and Evan Beese

Remote deposit capture (RDC) allows banking customers to quickly deposit checks and money orders with their financial institutions by taking a picture of the item for deposit and sending it via the bank's mobile app. However, this convenience causes a loophole of which a growing number of scammers are happily taking advantage. Because customers retain the deposited item afterward, RDC scams are exploiting the lag time between the deposit and the status of the deposit being communicated between financial institutions. During this period, these scammers will deposit the item multiple times or use it for a cash reimbursement at another location, such as a grocery store.

Of course, there are several ways institutions can mitigate this threat, such as limiting amounts that can be deposited via RDC, limiting RDC privileges to accounts that have been open for over six months, and removing privileges from accounts with multiple duplicate deposit irregularities. But in this emerging cat and mouse game, other ways for scammers to use RDC to gain illicit funds have emerged. Perhaps the most nefarious (and now most common) way is stealing account holders' personal or account information or tricking them into providing it with social engineering.

Scammers trick their victims by promising them anything from love to loans to jobs to free money in exchange for their information. Once the target provides the account credentials, the scammer uses RDC to deposit checks into the victim’s account and instructs him or her to transfer all or a portion of the funds to another account under the scammer’s control. Then, days or weeks later, the check will bounce leaving the victim responsible for losses and returned check fees.

Social media provides scammers with fertile ground to perform these types of scams. With scam accounts, pages, and groups, they can target individuals directly, or phish for victims in the comments section of popular posts. In the examples below (with links to their corresponding web crawl), scammers and scam groups use a multitude of techniques to attract victims. They’ve even developed a vocabulary of slang terms to use in their operations:

  • Yankee: U.S. Financial Institution
  • Ghost: (Contextual) Buyer/Seller without a face (such as an anonymous transfer)
  • Loader: Middleman adding funds to debit cards (pre-paid or otherwise)
  • Ripper: (Contextual) Individual that receives account information and subsequently fails to pay for it

In this first two examples, the actors leverage good looks to attract victims. It’s not clear if the people pictured in the profile photos are the actual scammers:

Fig -1 RDC scammer (and Snapchat enthusiast) on Twitter

Fig-2 Another RDC scammer on Twitter, who uses her money to make phone calls

In the next two examples, the scammers take a more business-like approach. Their pages show how easy it is to execute an RDC deposit, and what the ‘lucrative result’ might look like for the victim:

Fig-3 A PARTICULARLY EMPHATIC RDC scammer on Facebook

Fig-4 RDC scammer Facebook group eloquently titled “BANK TRANSFER CASHOUT ZONE (WIRE-ACH-BILLPAY-BANK-TO-BANK -MD)

RiskIQ was able to flag the Twitter accounts shown above with detection logic specifically looking for RDC scams, and has reached out to Twitter for takedown due to fraudulent activity. The Facebook pages were encountered as part of an investigation to better the logic we’re using so we can identify this behavior more efficiently. In the meantime, I’ll leave you with some advice from my old high school principal, Mr. Stull. “There is no free lunch in life.”

If someone promises you free money, it’s not free. Don’t give out personal or banking information to people you meet online. They will steal from you.

Subscribe to Our Newsletter

Subscribe to the RiskIQ newsletter to stay up-to-date on our latest content, headlines, research, events, and more.

Base Editor