Okay, so 'Mr. Knowitall'.... doesn't.

Long ago (before the G-L-B Act), creditors use to send these 'trojan checks' out to debtors hoping they would cash them and thereby get their bank account information.

However, since the passage of the G-L-B Act (15 USC 6821), the use of 'trojan checks' is a violation of FEDERAL law.

Here is what the US Code provides:
§ 6821. Privacy protection for customer information of financial institutions
(a) Prohibition on obtaining customer information by false pretenses
It shall be a violation of this subchapter for any person to obtain or attempt to obtain, or cause to be disclosed or attempt to cause to be disclosed to any person, customer information of a financial institution relating to another person—
(1) by making a false, fictitious, or fraudulent statement or representation to an officer, employee, or agent of a financial institution;
(2) by making a false, fictitious, or fraudulent statement or representation to a customer of a financial institution; or
(3) by providing any document to an officer, employee, or agent of a financial institution, knowing that the document is forged, counterfeit, lost, or stolen, was fraudulently obtained, or contains a false, fictitious, or fraudulent statement or representation.

http://www4.law.cornell.edu/uscode/1...1----000-.html