The 59-year-old attorney immediately filed an online report with the United States Postal Inspection Service, but said he never heard back.
“The real horror was, after it happened the first time, I got a brand new bank account, new checks; a month later, I thought it couldn’t happen again,” he said.
Rosen put the second check — for her tree care service — in the same U.S. Postal Service mailbox. When he called to ask if the company had received his payment, it had not. So he kept an eye on his bank account and found out again that someone had tried to scam him. This check was reused and made out to someone for $2,500.
This time Rosen ignored the Postal Inspection Service and instead contacted Montgomery County Police. The officer in charge of his report said to him, “Yeah, we had a lot of things like that. You’re not the only one.”
During the coronavirus pandemic, there has been a massive increase in checks stolen from the mail across the United States and used in financial fraud, authorities and researchers say. In March, the United States Postal Inspection Service alerted the Department of Justice.
The trend of stolen checks is linked to a “significant increase” in armed robberies of USPS postmen to steal arrow keys, which can open most mailboxes on an entire ZIP code, according to a notice from the US Postal Inspection Service at the Ministry of Justice. In some cases, a postal code can encompass an entire city. According to the March 7 notice, the primary motive for these robberies is financial theft: “Criminals steal mail…to obtain checks, financial instruments and personal identification information in order to commit bank fraud, mail fraud, electronic fraud and identity theft”.
Authorities say mail theft has long been a problem, but the use of stolen arrow keys to target USPS mailboxes is New. Law enforcement officials say it’s not immediately clear why such thefts have increased.
Georgia State University’s Evidence-Based Cybersecurity Research Group has spent the past two years collecting internet evidence of stolen checks in the mail and said this type of crime has grown significantly in the past three to four last months.
Looked into the platforms used to sell stolen checks including Telegram, ICQ and WhatsApp, the 15-person team – a professor working with graduate and undergraduate students – first spotted crime in Florida, California, Texas and New York. Then it started to spread across the country, with the DC area recently becoming a new hotspot.
On these platforms, the team spotted about 24 Maryland checks in October, 98 in December, and 431 in January. They found a similar trend for DC: 12 checks in October, nine in December, then 82 in January. They say that in the absence of law enforcement and attention to the problem, they expect those numbers to rise.
In a video interview, one of the group’s researchers showed the Washington Post several photos of checks stolen from individuals and businesses.
“They have incredible technology,” said the researcher, who spoke on condition of anonymity after receiving threats. “We see some of their labs, and they’re well equipped…most of the checks we see are from the blue boxes.”
The group discovered that shoppers used nail polish remover to erase the intended payee name and check amount, replacing the details with their own payee and amount, usually much higher than the original amount. A shopper can also use fake ID to cash the check at a place like Walmart.
“Organized crime groups, local gangs are realizing that there is no one to stop them from doing this,” the researcher said.
A review of the post of Telegram channels dedicated to check fraud found posts advertising thousands of checks for sale across the United States. Payment amounts varied from $8 to a company check made out to the amount of over $36,000, while the checks themselves were offered to potential buyers for over $100, capping at $400 for business checks.
A Telegram seller offered USPS arrow keys for $5,000 and $7,000 to access mailboxes in Maryland and North Carolina. Another offered a Florida key for $3,000. Several channel admins said they only accept payment in bitcoin or App Cash.
The price of the key, the Cybersecurity Research Group said, depends on the area the key comes from and the number of mailboxes it opens.
The United States Postal Inspection Service, responding to a request from The Post, declined to elaborate on the extent of the problem: whether its ongoing investigations exist.
The Post also asked the Postal Service how it is addressing the issue of stolen arrow keys. “We are continuing to address this issue but cannot provide details for security reasons,” USPS spokesman Dave Partenheimer said.
The Postal Inspection Service is offering rewards of up to $50,000 for information leading to the arrest and conviction of suspects who robbed the mail carriers. A wanted poster on the Postal Inspection Service website was for suspects involved in robberies that occurred between November 3, 2021 and January 31, 2022 in DC, Prince George’s County and Montgomery County. He says postal goods, including keys, were stolen.
Montgomery County Police Department Detective Kimberly Ann Pratt says thieves have long targeted residential mailboxes for checks, especially during the Christmas season. Eight years ago, she says, the trend was for thieves to leave early in the morning, looking for raised red flags – which indicate that there is outgoing mail in the box — stealing mail and searching for cheques.
Then in the fall of 2020, police saw a change, Pratt said, “It was no longer about stealing checks from residential mailboxes, but from large blue USPS mailboxes that are on the corner . Many mailboxes we saw were not searched, were not broken; the assumption was that they were getting keys to enter the blue boxes.
She said that from fall 2020 to present, Montgomery County police have recorded hundreds of reported incidents of mail theft. The hardest hit areas were Bethesda, Potomac and Chevy Chase. Although police cannot say why these areas are being targeted, they are among the wealthiest suburbs in the DC area.
Pratt said sometimes the bank catches the stolen check or the salesperson if he doesn’t receive payment. Most of the time, she says, it’s the customer who notices. She said Montgomery County police were working with postal inspectors on a “full-scale investigation,” but declined to give details.
The Postal Inspection Service, the law enforcement arm of the Postal Service, said in an email to The Post that it is working with local, county, state, and law enforcement agencies. and federal to combat mail theft.
He advised customers to deliver outgoing mail to their carrier or post it to the post office; ask their bank for “secure” checks that are more difficult to alter; and report stolen mail by calling 877-876-2455.
The criminal market for checks is flourishing and the blue mailboxes of Steve Rosen’s zip code – 20815 Chevy Chase, where census data shows the median home value to be $1,012,700 – appears to be in jeopardy. The cybersecurity research group showed the Post a photo found online of four checks for sale, all of which were dated 20815 and dated Feb. 10-12. Two of the victims had no idea their checks had gone missing.
“It’s really shocking,” said Susanna F. Fischer, 60, when told about her check seen for sale online.
Fischer, a law professor at Catholic University, had put the $100 check in a blue mailbox near her home as a gift to her niece on her 27th birthday. “She said she didn’t receive it, so I thought maybe I didn’t send it,” she said. “I didn’t think it could have been stolen.”
Also in February, Sarah A. Friedman, 48, dropped a check into a blue mailbox to pay a credit card bill. When told it was for sale on the internet, she said: ‘I was going to check it out because I had received late notice and knew the payment had been made on time.
In Rosen’s case, the two stolen checks were randomly written, and in both cases the bank returned the money to his account. He now says he no longer mails checks, preferring to pay electronically. He is furious that he can no longer count on the mail.
“It’s a pretty big insult to local citizens to have mail stolen like this. Is this what the Postal Service has come to – that we can’t send checks anymore? And the answer is ‘yes’ , Rosen said.
Meanwhile, the Cybersecurity Research Group researcher – who uses fake “sock puppet” accounts to dive into and research this criminal underworld – has also become a target.
The day The Post first interviewed the researcher, someone messaged him on his phone saying they knew where he lived, then sent him his social security number and address. He spent the next week freezing his credit and putting fraud alerts on all his accounts. Since then, he has been watched by police and security outside his home, at the expense of his employer.
Despite these efforts, on April 5, he received in the mail a debit card for a Citibank checking account that someone had opened in his name.
Jacob Bogage and Monika Mathur contributed to this report.