Check fraud: What it is, how to avoid it, and what to do if you’re a victim

What is check fraud? 

Check fraud is the deliberate theft, alteration, duplication, forgery, deposit, or cash-out of a check to obtain funds the account holder never approved. Banks report such events on suspicious activity reports (SARs) under the “check fraud” category, which covers washed, counterfeit, and forged-signature items.

Even the overall use of checks has been is in decline, regulators and industry groups agree the problem is accelerating:

• Financial trend analysis (FTA) carried out by the  Financial Crimes Enforcement Network (FinCEN) found that financial institutions filed more than 15,000 SARs related to mail-theft check fraud, flagging over $688M in suspect transactions.
• A 2024 AFP Payments Fraud and Control Survey found that checks are the payment method most vulnerable to fraud, with 63% of organizations reporting check-fraud activity.
• The Mitek 2023 Mobile Deposit Benchmark Report found that nearly one-third of U.S. small businesses reported a check fraud incident in 2023, and of those, 65% suffered losses exceeding $50,000
• The 2024 Abrigo Fraud Survey found that 51% of check fraud victims had been targeted two or more times, while 31% of check fraud victims were unable to recoup all their losses. The same survey also found that nearly 61% of Americans are still writing checks.
• The 2024 Abrigo Fraud Survey also projects check-fraud losses will top $24 billion in 2024.

How does check fraud work?

Check fraud works through a series of steps, beginning with crooks stealing raw checks straight from the mail stream. The U.S. Government Accountability Office reports that armed robberies of letter carriers have soared in recent years as bad actors hunt for the universal “arrow keys” that open every blue collection box on a route. 

With the envelopes in hand, thieves move to the manipulation stage. FinCEN’s 2024 FTA shows that in mail-theft cases the favorite trick is still alteration (aka “check washing”) — 44% of reports involved scrubbing out the name of the payee or amount before rewriting the fields. Counterfeiting ranks second: a stolen check is scanned and printed onto blank stock, creating a number of copies that carry a genuine account and routing number.

Next comes deposit and cash-out. Criminals open or rent “mule” accounts and feed the washed checks through remote-deposit-capture apps. Those apps accept basic low quality (200-dpi) images, so crude printouts often slip past. Once the funds hit the mule account, money vanishes quickly via ATM withdrawals or crypto off-ramps.

Types of check fraud  

Types of check fraud include various techniques, with new methods emerging as technology advances. The following list presents some common, though not all-inclusive, examples of how criminals carry out check fraud.

Paperhanging

Paperhanging is when a crook opens an ordinary checking account, writes checks far above the balance, pockets the cash (or moves it elsewhere), then vanishes before the items clear. Because banks still grant one- to two-day “float” before final settlement, the checks spend like real money in that window. Once the bank tries to post them, the account is already closed or empty.

Check kiting

Check kiting is a scheme executed by a fraudster who links two or more live bank accounts. It works something like this: first, a crook writes an unfunded check from account A and deposits it into account B to create a temporary, “phantom” balance. Before that check can bounce, they deposit another bad check (this time from account B) back into account A, and the repeat the cycle.This rolling float makes both ledgers appear solvent long enough for the fraudster to withdraw real cash. Although modern same-day clearing has greatly reduced when the linked accounts reside at different banks or in different states. 

Check theft

Check theft is the act of stealing filled-out checks from mailboxes, office trays, or courier pouches. Thieves then deposit the stolen checks unchanged by posing as the payee or  through an ATM, where front-side details get only automated scrutiny. FinCEN tied the current spike in check fraud directly to mail theft, noting more than 250,000 consumer complaints in 2023 and 717 robberies of letter carriers in 2022–23.

Check alteration (washing)

Check alteration, also known as check washing, is the process of using common solvents to change a check’s information. Criminals rinse the ink from the payee or amount lines of a stolen check, air-dry it, and rewrite the fields. Because the magnetic-ink code at the foot of the document never changes, bank scanners accept the item as authentic.

Check forgery

Check forgery involves a thief forging the drawer’s signature to redirect funds, or faking the payee’s endorsement on the back to cash a check not written to them. 

Identity check theft

Identity check theft occurs when criminals use a single blank or canceled check — which reveals personally identifiable information  (a name, address, routing number, and account number). Crooks combine those details with fake ID to open “drop” accounts or order new checkbooks in the victim’s name, then write what look like normal checks until the true account holder or bank flags the activity.

Check counterfeiting 

Check counterfeiting is when fraudsters start by stealing or intercepting a real check — often from your mailbox or a company’s outgoing mail. They scan it to capture the magnetic routing and account numbers then print dozens of near-perfect copies on blank check stock. On each copy, they’ll change the payee name or inflate the amount. Because the routing information is genuine, banks will initially accept deposits at ATMs or teller windows. By the time the bank spots the fake and pulls back the funds, the criminal has already pocketed the money.

Cashier’s check fraud

Cashier’s check fraud involves four steps. First, a fraudster mails a bank-guaranteed check that appears genuine. Next, the recipient deposits it and temporarily gains access to the funds. Then the scammer requests a “refund” of an overpayment by wire transfer or gift card. Finally, once the issuing bank flags the check as counterfeit, the deposit is reversed and the account is debited for the full amount plus fees.

Mobile check fraud (double presentment)

Mobile check fraud, also known as double presentment, exploits remote-deposit-capture apps that credit funds from a smartphone photo within minutes. Fraudsters image-deposit a stolen check and then rush the physical document to an ATM — or another bank — before duplicate detection systems sync and flag suspicious activity. If timed well, both deposits clear and the cash is drained before either institution reverses the overlap. Bank analysts flag double presentment as the fastest-growing mobile-deposit abuse.

What is the most common type of check fraud? 

The most common type of check fraud is check alteration – better known as “check washing.” According to the FinCEN’s nationwide review of mail-theft cases, 44% of stolen checks were chemically washed and rewritten before they were ever deposited, making alteration the leading manipulation by a wide margin. 

Who is typically targeted by fake check scams? 

Fake check scams typically target accounts filled with cash and people who still rely on paper checks. That narrows the bull’s-eye to three main groups.

• Small businesses with young accounts.
  Nearly one-third of U.S. small businesses were hit by check fraud in 2023, and 65% of those cases cost the organization more than $50,000. The American Association of Retired Persons (AARP) notes that most forged checks  – 90% – are drawn on accounts less than a year old, when security controls and habits aren’t yet solid.
• Mail-reliant payroll and benefit recipients. Organized check fraudsters empty mailboxes on company paydays and during Social Security mail-outs because business payroll and Treasury checks are well funded and often go unmissed for days. 
• Consumers who still write and cash paper checks. The 2024 Abrigo Fraud Survey found 61% of Americans still use checks; surprisingly, usage is highest among Gen Z (59%) and Millennials (57%), not just older adults. FTC  data show the 20-29 age bracket files the most fake-check scam reports (21%), while seniors lose the largest amounts per incident. 

Legal consequences of check fraud

The legal consequences of check fraud include criminal prosecution and civil liability – and the two play out quite differently.

At the criminal prosecution level, the dividing line is the amount and the venue. Large or organized schemes usually land in federal court. A conviction there carries up to 30 years in prison and a fine of $1M as outlined in section 1344 of the UCC.

Smaller cases remain with state prosecutors, but most states elevate forged, altered, or counterfeit checks to a felony once the face value clears a modest threshold (for example $950 in California).

Unfortunately, a criminal conviction does not decide who ultimately eats the monetary loss. That’s governed by the Uniform Commercial Code and by each bank’s account contract. When a thief alters the amount or forges the drawer’s signature on your check, the bank that paid it must reimburse you — provided you flag the problem quickly. Section 4-406 of the UCC lets a bank cut off refunds if the customer waits more than 30 days after the statement is made available to report the unauthorized item.

The rule works in reverse when someone deposits a counterfeit or an entirely fake check into your account. Every credit you see from a paper check deposit is provisional; if the check later proves to be fake, the bank reverses the entry and you owe the money back. The Federal Trade Commission warns that this is exactly how “overpayment” and “prize-winning” scams drain victims: Once you have refunded part of that provisional credit to the scammer, the loss is yours when the counterfeit is returned.

How is check fraud investigated 

The investigation of check-fraud usually begins at a bank’s back office. The moment a customer disputes a check, whether it’s because the amount is wrong, the payee looks unfamiliar, or a mailed payment never arrives, the bank must open an inquiry. Federal rules require the bank to provisionally credit the account while it verifies the claim. If the signature proves to be fake or the amount altered, the check is declared “not properly payable” and the provisional credit becomes final.

When an internal review shows criminal intent, the bank files a suspicious activity report. Those SARs go to FinCEN, where analysts flag patterns — such as clusters of altered business checks or repeated deposits at the same ATM.

From FinCEN the case often shifts to law enforcement. If the check moved through the postal system — as most do — the U.S. Postal Inspection Service steps in. Postal inspectors tap surveillance footage from blue collection boxes, trace stolen “arrow keys,” and match handwriting or printer artifacts on seized checks. If SAR data points to organized crime, federal law enforcement such as the FBI or Secret Service step in.

For victims, speed matters. The sooner authorities are informed, the better the chances of catching the culprits. From first dispute to closed investigation, a routine, single-item case can wrap up in a month. Organised crime rings that span multiple banks and states take much longer.

Real-world check fraud examples  

Real-world check fraud examples illustrate how varied tactics for check fraud can be and how high stakes are. Here are some notable cases.

A $3.1 million treasury-check ring

A Salt Lake City indictment describes three defendants who scanned stolen U.S. Treasury checks, printed counterfeits on blank stock, deposited the paper across several banks, then funneled the proceeds through mule accounts before wiring the money overseas. In less than three years, they moved more than $3 million.

Mortgage payment lost to washing

Mike Smith mailed his routine $2,987 mortgage check from his rural mailbox. Thieves stole the envelope, erased the payee and amount with solvents, readressed it to a stranger, and cashed it. Smith discovered the fraud only when his lender called about a missed payment. Local deputies confirmed the check had been washed. The bank refunded Smith but opened a case with postal inspectors. The incident is part of at least 13 forged-check reports in New Hanover County.

Fake cashier’s checks for used-car deals

Between 2018 and 2023, Valentino Colic, 34, met private car sellers on Facebook Marketplace and Craigslist, handed over cashier’s checks printed on home equipment, drove the vehicles away, then flipped them before the victims’ banks marked the check as “no funds.” Court records show more than $1.7 million in worthless checks issued to over 100 individual sellers across five states. Colic was sentenced on March 27, 2025, to 12 years in federal prison.

700 checks, $5 million stolen

The leader of a Washington-area network admitted stealing more than 700 checks worth over $5 million, recruiting account mules online, and laundering the cash through shell companies that paid for luxury cars and designer goods. U.S. Postal inspectors, the Secret Service, and the IRS linked the deposits by matching dozens of counterfeit items. A federal judge handed down a nine-year sentence. 

What do you do if you’re a victim of check fraud 

If you’re a victim of check fraud, follow the steps below to limit losses and any further exposure. 

1. Contact your bank’s fraud department the same day you spot the probable check fraud. State exactly which check number is in dispute and why (forged signature, altered amount, counterfeit). Ask the representative to place a stop payment on that item, freeze further check activity on the account, and open a formal fraud claim.
2. Obtain the check image and submit a written affidavit. Banks supply their own “fraudulent-check affidavit.” If yours does not, download the FTC Identity Theft affidavit. Attach the images from both the front and back of the check, sign the affidavit, date it, and keep a copy. This written record fixes the dispute date and supports reimbursement or insurance claims.
3. Close or migrate the account if the routing and account numbers have been exposed. One stolen check can be washed, cloned, and presented repeatedly. Ask your bank to open a new account, move direct deposits and bill payees, and mark the old routing number “closed — fraud.”
4. Place a one-year initial fraud alert with a credit bureau. New credit applications in your name will trigger extra identity verification, blocking accounts opened with data from the stolen check.
5. Set up real-time transaction alerts and review images daily for 90 days. Use your bank’s app to receive an SMS or push notification each time any check or large card transaction happens. 
6. Document every call, form, and reference number. Keep a dated log. Banks, law enforcement, and insurers will ask for it, and it proves you acted within the required time frames.

How to report check fraud 

To report check fraud, you’ll have to turn to federal and state agencies. File reports with all law enforcement agencies to maximise your chance of reimbursement.

• Federal Trade Commission (FTC): Produces an official identity-theft report that banks and police accept.
  • File online at: https://www.identitytheft.gov
• U.S. Postal Inspection Service (USPIS): Leads investigations where checks were stolen, washed, or cloned from the mail.
  • File online at: https://www.uspis.gov/report 
  • Hotline: 877-876-2455
• State Attorney General: Coordinates with local prosecutors and may run restitution programs.
  • Find your AG at: https://www.naag.org.
  • Submit the online consumer-complaint form and attach the FTC report and check image.

Submit these reports on the same day you alert your bank. Agencies share data in real time, making it easier to intercept accounts and charge offenders before funds disappear.

How to prevent check fraud 

To help you avoid check fraud, we’ve prepared practical steps you can take. Banking and government experts recommend a multi-faceted approach to avoid becoming a victim of check fraud:

• Secure your mail: Since mail theft is a major gateway to check fraud, be very careful with any checks sent through the postal mail. Deposit outgoing mail in secure USPS collection boxes inside the post office or hand it directly to a mail carrier. Avoid leaving mail in street mailboxes or your personal mailbox overnight. 

Consider using Informed Delivery (a free USPS service that emails you images of incoming mail) so you can verify if important mail (like a check) is expected and note if it doesn’t arrive. 

For sensitive mail, you might also use security/tinted envelopes to make it harder to see or fish out checks

• Write checks with precision: If you must write paper checks, take precautions to make them harder to tamper with. Use a black gel ink pen, which makes chemical “washing” much more difficult. Completely fill out the payee line and amount box. Draw a line through any leftover blank space so nothing can be added.

Never pre-sign blank checks, and avoid writing personal details (like your phone , driver’s license, or Social Security number) on the checks, such info can help identify thieves if the check falls into the wrong hands.

You might also consider using electronic bill pay through your bank. The bank mails a check on your behalf or pays the bill electronically, removing your personal check from the equation. 

• Be vigilant about your bank accounts: Monitor your bank accounts regularly so you can spot any unauthorized checks or unusual withdrawals as soon as possible. With online and mobile banking, you can frequently review your transactions and even see images of processed checks. Make it a habit to inspect and check images for any signs of alteration.

If a check you mailed hasn’t reached the recipient within a reasonable time, follow up with them and don’t ignore a delay, it might have been stolen in transit.

Many victims only discover fraud weeks later when a bank statement arrives. By then, the trail is cold. Timely detection can greatly improve the chance of recovery. 

• Never trust “easy money” checks: Educate yourself about fake check scams. If you receive an unexpected check with instructions to deposit it and then wire money or buy gift cards, assume it’s a scam. No legitimate business overpays and asks for a refund via non-traceable means.

Common scam scenarios include mystery shopper jobs, prize winnings, charity donations, or online purchases where the buyer “accidentally” sends too much. In all these cases, the check will bounce. The FTC’s rule of thumb: If someone you don’t personally know sends you a check and asks for any form of send-back payment, don’t do it.

When selling online or via classifieds, be wary of any check payment larger than the price, it’s usually a red flag. For businesses, consider instituting a waiting period to verify high-value checks from new clients or unknown parties before delivering goods or services.

• Use bank security services: Businesses and consumers have access to bank-offered fraud prevention tools. 

Positive Pay is a service where you provide your bank with the details of the checks you issue (check number, amount, payee), and the bank will only pay checks that match. This can stop criminals who attempt to cash counterfeit or altered checks in your or your company’s name. Likewise, many banks offer alerts for large check payments, the ability to set daily withdrawal limits, or dual authorization for issuing checks above a threshold. Make use of these services if available. They add layers of defense.

• Act fast if fraud occurs: If you suspect check fraud, whether you notice a strange check posting to your account or a recipient tells you that they never received your mailed check, report it immediately. Notify your bank right away and request a hold on the account or specific check number. 

The American Bankers Association advises victims to obtain copies of any fraudulent checks from the bank (for evidence) and then file reports with law enforcement and the Postal Inspection Service.

• Use trusted identity-theft protection services like NordProtect: Even a single stolen or altered check hands criminals the exact personal and financial data they need (your name, address, and bank details) to open new accounts or apply for credit in your name.

NordProtect continuously searches breach archives and performs dark web monitoring for any appearance of your personal identifiers and sends an alert the moment your data shows up somewhere it shouldn’t. It also provides online fraud insurance coverage, so you can protect yourself from scams.

At the same time, if you’re also worried about related threats like credit card fraud, the NordProtect credit monitoring feature flags new inquiries or account openings tied to your identity, so you can stop check-based identity scams before they take hold. If fraud does occur, NordProtect’s recovery specialists can help you through placing formal alerts, filing disputes with banks and credit bureaus, and reclaiming your money. This layered defense ensures that if check fraud turns into identity theft, you’re already protected.

By following these tips and staying informed, you can significantly reduce the risk of falling victim to check fraud. The overarching advice is to treat a paper check with the same caution you would treat cash. That might mean phasing out paper checks in favor of more secure payment methods. However, if you do use checks, being proactive is your best defense. Check fraud may be on the rise, but with awareness and practice, you can stay one step ahead.