By Jeremy Owsley and Evan Beese
Remote deposit capture (RDC) lets banking customers deposit checks and money orders quickly by photographing the item and submitting the image through the bank's mobile app. That convenience also opens a loophole that a growing number of scammers are happily exploiting. Because the customer keeps the physical item after the deposit, RDC scams exploit the lag between the deposit and the moment its status is communicated between financial institutions. During that window, the scammer deposits the same item again, or cashes it in person at another location, such as a grocery store.
Institutions have several ways to mitigate this threat: capping the amount that can be deposited via RDC, restricting RDC privileges to accounts that have been open for more than six months, and revoking privileges from accounts with multiple duplicate-deposit irregularities. But in this emerging cat-and-mouse game, scammers have found other ways to use RDC to obtain illicit funds. Perhaps the most nefarious (and now the most common) is stealing account holders' personal or account information, or tricking them into handing it over through social engineering.
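The three mitigations above can be expressed as a simple policy check on each incoming RDC item. The following is an added illustration, not RiskIQ's or any bank's code; the per-item cap, the strike count that triggers suspension, and the MICR-based duplicate key are assumptions.

```python
"""Added example: a simplified RDC eligibility check encoding the three
mitigations named in the post (amount cap, minimum account age, and
suspension after repeated duplicate-deposit irregularities).
Illustrative code only; thresholds and the item fingerprint are assumed."""
from dataclasses import dataclass, field
from datetime import date, timedelta

MAX_RDC_AMOUNT = 2500.00                 # assumed per-item cap
MIN_ACCOUNT_AGE = timedelta(days=182)    # "open for over six months"
MAX_DUPLICATE_STRIKES = 2                # assumed: a third duplicate suspends RDC


@dataclass
class Account:
    opened: date
    duplicate_strikes: int = 0
    rdc_enabled: bool = True
    seen_items: set = field(default_factory=set)


def item_key(routing: str, account_no: str, check_no: str, amount: float) -> str:
    """Fingerprint for a deposited item built from the MICR fields plus the
    amount (assumed scheme). The same physical check submitted twice, which is
    the double deposit the post describes, yields the same key."""
    return f"{routing}|{account_no}|{check_no}|{amount:.2f}"


def evaluate_deposit(acct: Account, routing: str, account_no: str,
                     check_no: str, amount: float, today: date):
    """Return (accepted, reason). Updates the account's strike count and,
    after too many duplicates, revokes its RDC privilege."""
    if not acct.rdc_enabled:
        return False, "rdc_suspended"
    if today - acct.opened <= MIN_ACCOUNT_AGE:
        return False, "account_too_new"
    if amount > MAX_RDC_AMOUNT:
        return False, "over_limit"
    key = item_key(routing, account_no, check_no, amount)
    if key in acct.seen_items:
        acct.duplicate_strikes += 1
        if acct.duplicate_strikes > MAX_DUPLICATE_STRIKES:
            acct.rdc_enabled = False
            return False, "duplicate_item_rdc_suspended"
        return False, "duplicate_item"
    acct.seen_items.add(key)
    return True, "accepted"


if __name__ == "__main__":
    # Constructed walkthrough: one item submitted four times to the same bank.
    acct = Account(opened=date(2019, 1, 1))
    for _ in range(4):
        print(evaluate_deposit(acct, "021000021", "123456", "1001", 500.0, date(2020, 1, 1)))
```

Note the limit of this check: `seen_items` only catches an item re-submitted to the same institution. A re-deposit at a second bank, or cashing the paper check elsewhere, is only visible once the item clears through the payment network, which is exactly the lag the scammers exploit.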
Scammers lure victims by promising anything from love to loans to jobs to free money in exchange for their information. Once the target hands over account credentials, the scammer uses RDC to deposit checks into the victim's account and instructs the victim to transfer all or part of the funds to another account under the scammer's control. Days or weeks later, the check bounces, leaving the victim responsible for the loss and any returned-check fees.
Social media gives scammers fertile ground for these scams. Using scam accounts, pages, and groups, they target individuals directly or phish for victims in the comments of popular posts. In the examples below (with links to the corresponding web crawls), scammers and scam groups use a variety of techniques to attract victims. They have even developed a vocabulary of slang terms for their operations:
- Yankee: U.S. Financial Institution
- Ghost: (Contextual) Buyer/Seller without a face (such as an anonymous transfer)
- Loader: Middleman adding funds to debit cards (pre-paid or otherwise)
- Ripper: (Contextual) Individual that receives account information and subsequently fails to pay for it
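The slang above, combined with the lure language the post describes (mobile deposit, splitting the proceeds, requests for bank logins), is the kind of signal that post-level detection logic can key on. The following is an added example of such a scorer; it is not RiskIQ's detection logic. The four slang terms come from the list above; the weights, the extra phrase patterns, the threshold, and the sample posts are constructed assumptions.

```python
"""Added example: a weighted keyword/pattern scorer for social media posts
that approximates detection logic for RDC-scam recruitment. Vocabulary from
the post; weights, patterns, threshold and sample posts are assumed."""
import re

# Slang terms listed in the post, with assumed weights.
SLANG = {"yankee": 2, "loader": 2, "ripper": 1, "ghost": 1}

# Assumed context patterns matching the lure described in the post.
PHRASES = [
    ("mobile_deposit", r"\bmobile deposit\b", 2),
    ("bank_login",     r"\bbank (log|login|info)\b", 3),
    ("split_offer",    r"\b(split|you keep) \d{2}\s*/\s*\d{2}\b", 2),   # "split 50/50"
    ("free_money",     r"\bfree money\b", 2),
    ("dm_me",          r"\bdm me\b", 1),
    ("dollar_amount",  r"\$\s?\d{3,}", 1),
    ("card",           r"\b(prepaid|debit) card\b", 1),
]
THRESHOLD = 5   # assumed; tuned so a single slang hit alone does not flag


def score_post(text: str):
    """Return (score, hits) for one post. Slang terms match with an optional
    plural so 'rippers' counts; matching is case-insensitive."""
    t = text.lower()
    score, hits = 0, []
    for term, weight in SLANG.items():
        if re.search(rf"\b{term}s?\b", t):
            score += weight
            hits.append(term)
    for label, pattern, weight in PHRASES:
        if re.search(pattern, t):
            score += weight
            hits.append(label)
    return score, hits


def is_rdc_scam(text: str) -> bool:
    return score_post(text)[0] >= THRESHOLD


# Constructed sample posts (not real accounts or quotes).
SAMPLE_POSTS = [
    "Need a Yankee with mobile deposit, you keep 50/50. DM me",
    "Loader available, $1500 on your debit card same day, no rippers",
    "Great game last night, the Yankees won",
    "Just deposited my paycheck through the app, so convenient",
]

if __name__ == "__main__":
    for post in SAMPLE_POSTS:
        print(is_rdc_scam(post), score_post(post), post)
```

The threshold matters as much as the vocabulary: "Yankee" on its own is a baseball reference far more often than a scam term, so the third sample post scores but is not flagged, while the first two cross the line only because slang co-occurs with the mobile-deposit and payout language.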
In the first two examples, the actors use attractive profile photos to draw in victims. It is not clear whether the people pictured are the actual scammers:
In the next two examples, the scammers take a more business-like approach. Their pages show how easy it is to execute an RDC deposit, and what the ‘lucrative result’ might look like for the victim:
RiskIQ flagged the Twitter accounts shown above with detection logic written specifically to look for RDC scams, and has asked Twitter to take them down for fraudulent activity. The Facebook pages were encountered during an investigation to improve that logic so we can identify this behavior more efficiently. In the meantime, I'll leave you with some advice from my old high school principal, Mr. Stull: "There is no free lunch in life."
If someone promises you free money, it’s not free. Don’t give out personal or banking information to people you meet online. They will steal from you.