In the past, significant mail theft-related check fraud schemes were mostly confined to cases involving USPS employees at sorting and distribution facilities who had access to large amounts of mail.  For example, the Department of Justice—with the help of the United States Postal Inspection Service (USPIS) and the USPS Office of Inspector General—charged USPS employees and other individuals with running an alleged $1.3 million fraud and identity theft scheme and uncovered an alleged bribery scheme involving USPS employees who diverted Covid-19 benefits sent by the New York Department of Labor.

But the recent uptick in mail theft-related check fraud is “increasingly committed by non-USPS employees, ranging from individual fraudsters to organized criminal groups comprised of the organizers of the criminal scheme, recruiters, check washers, and money mules.”  Criminals have targeted everything from residential mailboxes to cluster boxes in apartments and commercial buildings, sometimes forcing them open or using improvised fishing devices.  Criminals have also allegedly obtained USPS master keys, Arrow Keys, and used them to access USPS blue collection boxes.  To obtain the Arrow Keys, individuals have allegedly resorted to force, sometimes robbing mail carriers at gun point, or conspiring with mail carriers to make copies.

According to FinCEN, Suspicious Activity Reports (SARs) for check fraud increased 23% in 2021 and nearly doubled in 2022, totaling 680,000 SARs for check fraud.  While the number includes all SARs involving check fraud, FinCEN and the USPS attribute this increase, in part, to mail theft-related check fraud.  The increased criminal activity has become enough of a concern that FinCEN issued a joint alert with the USPS discussing typologies, red flags, and reminders about SAR filings.

The alert describes the typology for these crimes.  Typically, criminals involved in these schemes “wash” the checks (i.e., use chemicals to remove the original ink) to remove payee and check amount information and replace it with their own identities (or fraudulent ones) and new ammounts to increase the value of their ill-gotten gains.  Criminals may also copy and print the washed checks to use or sell, potentially on the “dark web.”  Similarly, criminals may use personal information found on the check (or in other pieces of mail) to commit future fraud schemes, like credit card fraud or identity theft.  Sometimes, checks are deposited in person, through ATMs, or via remote deposit to fraudulent payees.  But sometimes cashing the checks can be much more complicated.  To further obfuscate their involvement, criminals may retain the services of a money mule.  Typically, the money mule will have an existing account at a financial institution in which to deposit the fraudulent checks.  Once deposited, the funds are quickly withdrawn or wired to multiple accounts, usually at different financial institutions, to hide the source of the funds.

The red flags provided by FinCEN are informed by the typologies discussed above.  Banks should be suspicious of:

• non-characteristic check activity on their customer’s accounts, including large checks to new payees, new check deposits when the customer did not typically use checks, and abnormal check deposits;
• checks cashed on a customer’s account when the customer reports checks were stolen or that the intended recipient did not receive a check sent in the mail;
• checks bearing physical characteristics indicating check fraud, like faded handwriting or different check stock;
• customer accounts that deposit checks and quickly initiate withdrawals and transfers or that have “indicators of other suspicious activity, such as pandemic-related fraud”; and
• non-customers attempting to cash large checks in-person who provide suspicious explanations for their activity or otherwise appear to be acting as a money mule.

FinCEN also suggests that if financial institutions learn of possible mail theft-related check fraud from their customers they should refer them to USPIS’s tips on mail and package theft and, if it involves USPS money orders, should refer customers to USPS’s FAQs on lost or stolen money orders.

When filing SARs believed to involve mail theft-related check fraud, financial institutions should enter the key term “FIN-2023-MAILTHEFT.”  (Financial institutions should do the same when filing a Form 8300, a Report of Cash Payments Over $10,000 Received in a Trade or Business.)  FinCEN also requests financial institutions to provide “any and all available information relating to the account and locations involved in the reported activity” including legal entities and individuals involved, the beneficial ownership of those legal entities, and other financial institutions involved.  FinCEN strongly recommends that financial institutions voluntarily engage in information sharing, under the safe harbor authorized by Section 314(b) of the USA PATRIOT Act, to fight the rise in mail-theft check fraud.

[View source.]