I came into work this morning, checked the bank balance, and saw a checked cashed for 3k to Jesus Delgado. I asked Jeff if he wrote a check to a random guy in Connecticut. He hadn’t. Same question to Sam. Nope. The check didn’t look like our company check but was in line with our check numbers. How did someone get our bank account info and then cash a check through a mobile deposit?

I’ve been doing this job for 20 years now and this stuff doesn’t just happen. To be in line with our check numbers was the first clue and I started looking over the past few weeks at any checks we had written. Then it hit me that I had an odd call with a company last Friday who was saying that I had an invoice that was past due when they had already cashed the check. I left the phone call with them saying, “the account has a zero balance.” 5 minutes after they hung up I got an email that said, “please pay this invoice by ACH”. I thought their accountant was going senile.

I called up the company this morning and asked them if there was any unusual activity and that I had a check illegally cashed. I was then clued in that they had known about a phisher who changes the I in their email account to an l. For instance, [email protected] would be [email protected]. Then I went back the initial now known phish on Friday and they had emailed me an exact replica of an invoice and added their bank account info into the upper left. Nasty phish I fell for, but how did they get access to that PDF? The world may never know and I can’t go into further details.

The bank will give us the money back and wants to add another level of security to the account, but it’s clear they have no ability to stop a scammer from cashing a mobile check. The signatures didn’t match our signatures and there is no physical trace as the scammer mobile deposits. I share this because I’ve been doing this job for a while and there is always someone new out there trying to take your money. Beware.