Stay informed and never miss a MindWise update!
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Colloquially, a "bank drop" is a financial transaction in which a person or business delivers physical currency, checks, or other financial instruments to a bank.
However, when the term "bank drop" is used by a fraudster or criminal, it takes on a different meaning.
In this case, a bank drop is when a cybercriminal takes over a victim's bank account in order to transfer stolen funds.
Bank drops are a critical component to most cybercriminal operations and preventing them can significantly hinder their activities.
In addition to preventing bank drops as part of our civic duty, it also behooves both individuals and financial institutions to combat this issue.
Individuals whose accounts are compromised may face significant financial losses and impacts to their credit score if the cybercriminal opts to steal their personal funds or open new lines of credit.
Financial institutions also face potential losses as their policies often require them to compensate their customers for their losses.
Additionally, institutions may face consumer and regulatory scrutiny if account takeovers become a frequent problem.
Cybercriminals often transact using digital currencies like Bitcoin and Monero, but since these currencies are yet to be widely adopted by normal businesses, cybercriminals must convert their digital assets into normal dollars if they want to use their assets.
To do so, cybercriminals often commit identify fraud to take over a victim's bank account.
The victims' accounts will then receive deposits as the cybercriminals' digital currencies are converted to regular dollars.
The deposits are then transferred to the criminals' personal bank accounts or more likely used to purchase other cryptocurrencies, physical items, or fraudulent services to be used for money laundering before making its way back to the cybercriminal.
It is important to note, that cybercriminals often steal the entire balance of the victims account in addition to using it to convert their digital currencies.
Alternatively, fraudsters may build a completely false identity, known as synthetic fraud, to open a bank account for a bank drop.
Often times, a lone cybercriminal will take over the account of a single victim and use these bank accounts as "money mules" to perform their bank drop and possibly steal the victim's funds.
In these cases, the victim's private information such as their social security number, name, address, and account details were compromised in a likely unrelated data breach or scam.
That stolen personal information is then sold from one cybercriminal to another who will than use it to take over the account.
In more sophisticated instances, criminal organizations will over bank drops as a service.
After collecting a fee, the service will use a robust network of compromised or fraudulent accounts to return their client's funds to their personal account in a standard currency.
For example, the criminal organization QQAAZZ offered this service by using a network of accounts across 16 countries to help launder tens of millions of dollars.
Collectively, it is likely that billions of dollars have been laundered from or via the dark web.
Physical drops are a more complex spin on Bank Drops as a Service and allow for a cybercriminal to convert their digital assets into physical currencies like US Dollars.
The now shuttered illicit marketplace Hydra was famous for their physical currency service operating across dozens of countries.
Cybercriminal clients would pay Hydra a significant fee and the market would disclose a hidden location where the client could find a package containing their new cash.
Fortunately, this marketplace has been closed by law enforcement, but similar operations are likely still occurring on a smaller scale.
Vigilance is the most important component to not becoming a victim fraud.
While obnoxious, it is very important to periodically review credit score activity, credit/debit card transactions, and bank account activity.
Cybercriminals always leave a trace of their activity and identifying an unusual deposit or withdrawal can alert individuals that their accounts are not secure and currently being used by cybercriminals.
Additionally, it is critical to employ safe cybersecurity practices on a day-to-day basis.
These can include simple methods like being sure to not respond to phishing emails, not disclosing bank account details, using anti-virus software, maintaining password security.
It is also important to choose financial services that are actively protecting their clients by employing the best, current security measures.
Every financial institution is already compelled to utilize standard KYC procedures however to combat money laundering these are often not sufficient to thwart cybercriminals.
This is especially true since they often take over the account of an otherwise legitimate customer.
Accordingly, it is important to identify fraudulent transfers from suspicious sources and prevent criminals from using compromised bank accounts by monitoring for stolen credentials that may be used to access customers' online accounts.
Bank drops work when cybercriminals hijack a victim's bank account, usually through stolen personal information or other various methods, to convert their digital assets into useable, standard currencies or physical cash.
The money mule receives fraudulent transfers from the cybercriminal which are then transferred back to the criminal or used in a money laundering process.
Individuals should remain vigilant and watchful for suspicious transactions, employ basic cybersecurity techniques, and work with financial services that are actively protecting their clients to avoid becoming a victim of accounts hackers.
Every financial institution should scrutinize credentials used for account openings to prevent criminals from using synthetic fraud for creating a new bank drop account.
Additionally, existing customers' information should be monitored for compromise along with identifying suspicious activity which may be associated with transfer stolen funds.