Check fraud ring exposed in Oklahoma mail theft case

A recently unsealed federal indictment in Oklahoma offers a detailed look into an alleged mail theft and check fraud conspiracy, highlighting methods fraudsters are increasingly using across the U.S. to steal money from banks and credit unions.

The case, led by the U.S. Postal Inspection Service, charges eight individuals with conspiracy to commit bank fraud and other related offenses. The scheme serves as a stark example of the challenges banks and credit unions face in check fraud, which has been increasing like wildfire.

How the scheme worked

Derry Lee Davis, a 23-year-old from Oklahoma City, allegedly led the scheme. Antajaun Monzelle Brown Jr., 24, and Amaurion Ramone Norment, 21, both of Oklahoma City, also allegedly played central roles in the scheme, according to the indictment.

The five other people named were all ages 21 to 23.

According to the allegations, the conspiracy began around or before July 2022 and continued through December 2024. The primary method involved stealing mail from USPS collection boxes (“Blue Boxes”) in the Oklahoma City area using a stolen USPS Arrow Key.

Arrow keys are universal master keys used by postal personnel to access these boxes. Check fraud has proliferated due to drastic cuts in postal police officers and challenges with mail theft, including from collection boxes and through the targeting of Arrow Keys, according to Frank Albergo, president of the Postal Police Officers Association.

Once the alleged fraudsters stole checks from the mail, they allegedly altered information on the checks, such as changing the payee name and sometimes the dollar amount, according to the indictment. This process of altering checks is commonly known as “washing,” often using chemicals to remove ink. In other cases, checks stolen from the mail are used as templates to create entirely counterfeit checks.

To deposit these altered checks, the alleged conspirators recruited others, often referred to as “money mules,” according to the indictment.

The conspirators recruited these so-called mules through social media advertisements promising an easy way to make money, though the indictment did not specify which social media platforms had these advertisements.

Recruits allegedly agreed to allow forged checks to be deposited into their bank accounts in exchange for a portion of the proceeds, according to the indictment. Fraudsters frequently use accounts opened by mules or with stolen or synthetic identities to deposit fraudulent checks and obscure the source.

In some instances, those leading the scheme requested debit cards, account PINs, and online banking login information from recruits to access their accounts, deposit checks and transfer funds after they cleared, according to the indictment.

After checks cleared, the alleged leaders would request their share of the proceeds in cash or via electronic transfer, sometimes withdrawing funds themselves, according to the indictment.

All told, the alleged fraudsters stole hundreds of checks and forged checks totaling more than $100,000 in value, according to the indictment. The overall value of forged checks is likely higher, in part because the indictment, unsealed this week by the United States District Court for the Western District of Oklahoma, is missing a page.

Banking system vulnerabilities exploited

The alleged scheme involved accounts at multiple federally insured financial institutions, including JPMorganChase, Bank of America, MidFirst Bank, Bank of Oklahoma, Tinker Federal Credit Union and Focus Federal Credit Union, according to the indictment.

A FinCEN analysis of mail theft-related check fraud released last year found that criminals often try to avoid interaction with bank personnel, preferring to deposit checks at ATMs or via remote deposit capture. This preference aligns with the indictment’s description of funds being withdrawn via ATMs and the use of online banking access.

The speed and automation of check processing, particularly through methods like mobile deposit, can make it difficult for banks to detect fraudulent items before funds are made available. Bank policies may also have thresholds below which checks receive less scrutiny, although low-value fraudulent checks can quickly add up to significant losses.

In the Oklahoma case, prosecutors highlighted only one instance in which a bank did not clear a fraudulent check. Around June 5, 2023, Davis allegedly attempted to deposit a fraudulent check of $5,000 into the personal Chase bank account of an unnamed conspirator. The check was drawn on a personal account at Focus. Chase did not clear the check, according to the indictment.

In every other case cited in the indictment, the bank or credit union into which a fraudulent check was supposed to be deposited apparently cleared the check. Each of these checks individually were in the amount of $5,000 or slightly less. The banks and credit unions that accepted these checks include Chase, MidFirst, Bank of Oklahoma and Tinker.

Charges and broader context

The defendants in the Oklahoma case are charged with conspiracy to commit bank fraud, which carries a potential sentence of up to 30 years in federal prison if convicted, according to a press release from the U.S. Attorney’s Office for the Western District of Oklahoma.

Specific defendants face additional charges, including bank fraud, possession of a forged security, possession of a stolen USPS key, and possession of stolen mail, with potential sentences varying by charge.

Nationwide, check fraud is a major concern, with Suspicious Activity Reports (SARs) related to check fraud nearly doubling from 2021 to 2023, according to the FBI’s Internet Crime Complaint Center (IC3). A FinCEN analysis of over 15,000 mail theft-related check fraud reports found that altered checks were the most common outcome, occurring in 44% of cases analyzed. The average amount involved in these reports was $44,774.

Banks are prioritizing spending on enhanced security and fraud mitigation in response to rising incidents, with check fraud being a top concern for nearly half of surveyed banks and 64% of community banks. However, effectively combating check fraud requires addressing multiple fronts, including mail security, improved bank controls, and potentially shifting liability.

The Postal Police Officers Association’s Albergo has called for increased protection of letter carriers and damaged collection boxes, and the postal service has announced initiatives to add high-security collection boxes and phase out universal arrow keys to help combat mail theft.

As the alleged Oklahoma scheme illustrates, check fraud involves a chain of criminal activity, from mail theft to check alteration and depositing funds using recruited individuals and accounts. This complexity contributes to the challenges banks face in detecting fraud and recovering losses.