From the article on Bank Info Security:
http://www.bankinfosecurity.com/articles.php?art_id=1098&opg=1
5. Check Image Fraud
Traditionally, after a successful phishing attack, the criminal would
extract the needed information and go onto the online account and
remove the victim's bank funds. This has changed for some of the more
sophisticated criminals in the last year, says Ori Eisen, Founder and
CIO of 41st Parameter. "Instead of looting the victim's account, they
don't set up fake bill pay or take money directly from the account.
Instead they go to the check image page, where they take a copy of the
victim's check.
Many financial institutions are now offering check images as part of
their online banking services to their customers. The customer can go
online to see what checks have cleared, Eisen notes. "So what is on
those checks? The victim's bank account number, signature, address,
phone," says Eisen. It's a treasure for most criminals. They can either
take the copy and make paper counterfeit checks to distribute, or take
that information and create PayPal accounts or other online payment
accounts that will leave the victim on the hook for any purchases.
Eisen says check image fraud is hitting the top financial institutions
around the world to the "tune of millions of dollars per month. The
amount they're being hit with is significant," he says. Banks are on
the hook for these losses, especially with the proliferation of
Trojans, keyloggers and other malware, that find their way onto
customers' computers, banks can't hide behind the statement that the
customer didn't protect their account information. As more institutions
begin losing money to check image fraud, they'll need to look to find
ways to mask the check images online, especially with the increased
phishing that is occurring, Eisen warns.
