I was woken up today by the UPS guy knocking on my door to give me a rather bizarre package. It was sent next-day air from someone I had never heard of with a return address in Pennsylvania.
It was a check for $3,500. There was a company name and address written on the check, “Red Oak Capital Management LLC”.
Problem is it was too good to be true. I had no idea why this person/company would be sending me $3,500. A quick search turned up this, and the website for Red Oak Capital Management. I called the number and apparently they are a real company, but the woman who answered the phone was well aware that someone has been sending out fake checks with their company name on it. She said they don’t know who it is, but they have a private investigator looking into it. She urged me not to cash the check, as the account number is not associated with them, and the person written on the return address apparently doesn’t exist.
So I know a person could get my bank account number if I had cashed it and written my account number on the back, and I know it would bounce. But as the Yahoo! answers person suggests, can someone really drain your bank account having only your account number? That’s pretty troubling, since if you write a check to anyone the account and routing numbers are printed on every check. Don’t they still need your password/PIN to access your account? How else could someone possibly benefit from this scam?
I believe it is true your account can be sucked dry by anyone. That’s why the Nigerian scammers ask for your number. It seems absurd that is the way banks work in this day and age.
I’m not familiar with this scam but I do know a couple of things.
If it bounces, the check does not go to the maker, your bank returns it to you. That’s why they call it a bounce. (Practices may have changed somewhat in the digital age, but I think this is still the way it works if you deposit a paper check.)
It might take more information than that to go to a bank and make a withdrawal, but when I pay by electronic check online all I have to provide is the routing number and account number. So I suppose if someone lifted that they could use it the same way that people use stolen credit card numbers.
After all, your credit card number is also recorded for every credit card transaction you make (it used to be that the full credit card number was printed on your credit card receipt). As big a deal as credit card fraud, bank fraud, and identity theft is, most people who handle this data are actually honest and that’s why the system works at all.
ETA: I just looked at your Yahoo link. One answer says, “If it bounces you will be out $1,500.00.” This is not true. It just means that the bank will credit your account the $1500 then debit it when the check bounces. Now, if you spend it before the check bounces, then you have a problem. ETA2: Oh, but you will have pay a bounce fee, probably at least $25.
Kind of a yes and no question. Yes, someone with your account and routing numbers can move money both ways from an account unless you have specific instructions not to honor transfer requests.
The difficulty for the scammer lies in that the request for transfer has to come from a trusted source. So while I have a checking account in good standing with ACME First National Bank, I can’t just walk in and say that I have an authorization from Rigamarole, here’s his info at Ace FNB, move 1000 dollars from his account to mine please, thankuverymuch.
I’d have to go through the whole appearance of setting up a business, getting or forging authorizations from various bank regulator commissions. Getting the bank to approve said documentation. And finally siphoning money from marks for a couple of days til someone noticed things weren’t right and it got shut down. Lather, rinse, repeat.
Take a look at any of your checks – do they have any other information besides your routing and account number? When you make an electronic transaction online using the checking account, do you have to enter anything besides a routing and account number? Someone can certainly take advantage of your account just by using those numbers – either in electronic form, or by printing off a check. It’s just the way the system works. You’ll need a PIN to process any debit transaction from your debit card, but if it’s Visa or MC branded, you’ll just need the account number and expiration date.
As to how the scam works, I’m betting that the scammer doesn’t think most people will be as judicious in their research as you have been. I can easily picture a scenario where someone receives the check, deposits or cashes it, and very shortly is expected to “return the funds as the result of an error.” That check may take a few days to bounce from your account, but before it does, I expect you’re going to get a call from someone representing “Red Oak Capital Management LLC” advising you that the funds were sent to you in error, and that they expect you to cut a check to them or initiate a transfer immediately.
Some people will fall for this, and provide bank account information to an intimidating person over the phone in order to set things right. Unfortunately, this unscrupulous person will drain the account before the fake check bounces and you’re tipped off that something may be fishy.
If more people did their homework, scams like this would be far less common.
That would be my best guess based on the information provided.
So I’m with atomicbadgerrace on this one. At some point after you cashed the check, but before it bounced (at which point it would look like $3500 was resting safely in your bank account), you’d have been contacted explaining how this was all a mistake, and if you didn’t want to get prosecuted/sued/cursed/murdered you needed to wire them back all or some (I mean they’re doing you a favour here, you can keep $500 as compensation for your inconveinence!) of the cash.
I just got an e-mail which makes this more clear. It’s a simple money wire scam apparently. They sent it to me because of one of the job postings on craiglist that I responded to, and they want me to wire back to them $3000 out of the $3500, the rest of it being my “salary”. :rolleyes:
It’s still disturbing that it’s apparently so easy to get money from someone’s account with only their account number though.
It isn’t. You can’t clean out someone’s account just by knowing their account details.
The whole point is that it’s a money wire scam, as you noted above. The scammers aren’t sending you the cheque in order to get your account details. They are sending it in the hope that you will cash it, and agree to wire them some of the money before the bank bounces it and removes the balance from your account.
The “account details” discussion above is a red herring.
ETA: I cannot think of any method that would let people withdraw money from your account with only the bank account number and sort code.
Yes, of course you do - you need to log in to the electronic banking system with your secure password and usually some security questions too! And cheques have to be signed.
Yes, but a debit card number is not the same as a bank account number. Having someone’s card number and expiry date is a very different matter from having their account number. With an account number, all you can do is pay money in.
Case in point. This very last payday our accounting office made a mistake and everyone’s check was deposited to their accounts twice. Immediately following the second deposit is a withdrawal for the same amount.
This is a separate, standard transaction very clearly labeled as a withdrawal.
And there are many vendors online that you can pay with an online check instead of a credit card, all you usually have to provide is the routing and account numbers and possibly a check number.
The system must be very different in the US in that case. If a mistake were made with my salary, similar to what you describe, then yes, I expect the accounts office could “withdraw” the money, but only by reversing the BACS (electronic) transaction they had already made. If it were paid by cheque, then they could stop the cheque, which would then “bounce” after a few days. But that is money they paid in in the first place, not money they never had a claim on.
Other than that, someone would need a direct debit agreement with my bank in order to withdraw money from my account.
Have you ever done any online shopping with a checking account?
Signing a check is a trivial matter. And you don’t need to log into your bank account online to make a purchase from a third party vendor online. You need nothing more than your routing and account number.
This is not true. It may be where you are, but in the US, electronic transactions can occur with nothing more than a routing number and account number.
Yes, and I certainly didn’t use my account number or sort code (which I assume is the equivalent of the “routing number”).
In the UK, if you want to buy stuff online using a current (checking) account, you need a debit card (typically branded Visa Delta or Maestro). That has a 16-digit card number, just like a credit card, but that is NOT the same as your bank account number (which is typically 8 digits, and unrelated).
To make a purchase, you need to know the card number, the card expiry date, and, almost everywhere nowadays, the card verification code, which is a three-digit number on the back of the card, intended to ensure that you can only make purchases if you have the physical card in front of you.
Again, I’ve never come across that system in the UK, so apologies for the misleading info. As the OP stands, though, it doesn’t look like this was the motive for the scam.
This scam takes advantage of a flaw in US banking law. If you try to cash a check your bank has only 5 days to decide if the check is bogus. If not they must provide you with the money. This is to keep the bank from with holding your money for too long. This used to be common practice and banks used your money for a few weeks and made some profit. The law was changed to make the money available to you sooner.
But it often takes much longer to confirm if the check is valid or not. So you cash the check, the bank says OK, and a couple weeks later the check is found to be fraudulent. And you have to pay your bank back the entire $3500, not just the $500 you kept. Because the crooks get to keep their $3000.
This is a $45 BILLION dollar industry per year, in the US alone.
But if someone else uses your routing number and an account number, who is out the money, you or your bank?
Because certainly in relation to ordinary checks when someone forges a piece of paper and presents it to the bank as if it is your check it’s the bank that is out the money, not you, since they were the entity who gave the fraudster the money, not you.
I don’t know the law, but my guess is that the bank would fight tooth and nail to hold the accountholder responsible; especially if he or she voluntarily provided their account information to the other party.
In the “overpayment” scam, I can’t fathom how the bank should be left with the bill.
Individuals and most companies cannot remove money from accounts just because they have obtained a routing and transit number and an account. The companies which can do that are called automated clearing houses. I work for one. Most banks are not ACHs, they hire companies like mine to process electronic transactions. The scam in this case depends on getting the victim to wire the money back, money which was never there because the check was going to bounce anyway.
The number is used for the transaction but I didn’t think it’s supposed to be stored unencrypted by the vendor.
<<The PCI regulations specifically forbid storing of any of the following:
Unencrypted credit card number
CVV or CVV2
Pin blocks
PIN numbers
Track 1 or 2 data
Any of the above found in databases, log files, audit trails, backups etc. at a merchant can result in serious consequences for the Merchant, especially if a compromise has taken place. >>