Hackers believed to be operating out of Russia have figured out a high-tech way to carry out the decidedly low-tech crime of check fraud, a computer security company says writing at least $9 million in fakes against more than 1,200 legitimate accounts.
But these hackers got the account information in an unusual way: They broke into three websites that specialize in a little-known type of business archiving check images online.
The scam was discovered by SecureWorks Inc., an Atlanta computer security company. The organization says it is working with the FBI and says the hackers have not been caught. The criminals downloaded all the images they could find, grabbing bank routing numbers, names and addresses and even signatures of legitimate account holders. They used the information to create their own checks using easy-to-acquire software and printers.
Because all the account information is real and the victims don't know their accounts have been compromised, the odds of the checks going through are high. SecureWorks notified the three sites and said they have closed their security holes, but warned that the scam is ongoing and targeting other, similar sites.