Atlanta Security Company Startled At Check Stealing Software

The Counter Threat Unit at Atlanta-based SecureWorks has seen just about every attempt hackers use to hijack a computer. They were startled when security researchers noticed unusual activity surrounding malicious software they were monitoring. The software had been attempting to steal banking pass codes online.

But researchers learned the threat had a new mission. “It was used to get check images from multiple companies in order to make fake counterfeit checks," explained Hunter King, Security Researcher with SecureWorks to Channel 2 Action News reporter Tom Jones.

The security team found out check counterfeiters in Russia had found a way to use 21st century technology to update their craft.

“This is actually a very old scam, check counterfeiting itself," King said. "But this is the first time we've ever seen it used with computers.”

Security researchers said the scam they uncovered is complicated and clever. They believe hackers sent out e-mails with clickable links to businesses in the United States that verify checks for check cashing companies.

“When you double click there, all it does is install some software on your computer,” King said.

The malicious software then accessed digital images of thousands of checks the companies keep for archival purposes.

The hackers used those images to steal bank routing and account numbers, signatures and business names to create $9 million worth of counterfeit checks.

The scammers then pretended to be online employers. They sent e-mails to potential workers asking them to deposit the checks and send a portion of the money back to Russia. The workers were promised a 15 percent commission if they overnighted the checks within 24 hours.

SecureWorks called the potential employers money-mules and say they found mules who received the checks all over the country.

Jones asked if there are people in Atlanta who've received the checks.

“Yes. We've identified six potential money mules," King said.

SecureWorks is not sure how much of the $9 million worth of checks that were printed were actually cashed. The security team believed several people neglected to cash the checks because the banks told them they were counterfeit or others became suspicious because of the bad grammar in the e-mails.

“I mean you can tell just from the wording that there's something fishy here,” King explained.

SecureWorks has forwarded the information it collected to the FBI for further investigation.