Mobile Banking: A New Vector for Check-Cashing Scams

The Better Business Bureau is warning of a high-tech check-cashing scam, which uses mobile banking apps to trick account holders into sharing their bank information.

The BBB said that scammers are using a multi-pronged approach involving social engineering and legitimate mobile banking apps to leave victims holding the bag when it comes to purloined funds.

It works like this: someone approaches the victim-to-be via social media or other contact vector, and offers to pay several hundred dollars (or more) if the person will accept money for them through a bank or credit union account.

It may seem like this odd request should set off warning bells for anyone, but the BBB said that “this person may…pose as a potential employer or lender who needs access to your account to deposit money.” Also, those selling goods on or similar sites may be asked to take an overpayment, with a variety of convincing stories as to why.

Or, if it’s a social media contact, victims may be more inclined to trust the acquaintance. Also, in a variation of the scheme, the offer is a free smartphone—and consumers are asked to provide bank information for a supposed “credit check” for what seems like a legitimate promotional offer.

In any event, if the target gives the scammer his or her bank account number, PIN and contact information, that’s all that’s needed for accessing mobile banking apps.

“The next thing you know, you get a call or email from your bank,” the BBB said in its notice. “A check deposited into your account didn't clear, and your account is now overdrawn.”

It turns out that the scammer used a mobile app from the bank to deposit fake checks into the account. But checks take a few days to clear, during which time the money still shows up in the balance. So attackers can withdraw cash against it before the bank spots the fake, leaving the victim responsible for any funds withdrawn.

“This leaves you owing the bank however much the scammer took out,” the BBB said.

To avoid check scams, consumers should avoid these types of offers altogether. And as a best practice, they should always call to make sure deposited checks are cleared before taking money out, and should monitor their accounts on an ongoing basis. Even better, those selling goods should accept PayPal or payment cards as a safer practice.

“Taking cash in exchange for sharing your banking information (or getting a new smartphone contract) may sound tempting,” the BBB said. “But scammers will leave you owing thousands. These unpaid bills will be sent to a collections agency, and this could make it hard to get a loan, a job or even housing later.”

Be wary of checks received from unknown individuals: When selling to someone you don't know, it is safer to accept PayPal, cash or credit card payments.

What’s Hot on Infosecurity Magazine?