Fraudsters and Money Mule Scams: Turning Credentials into Cash
What is a Money Mule?
You may have heard of the term “mule” or “money mule” being used in relation to hackers and fraudsters. Indeed, mules are a crucial part of the work of fraudsters, as they’re often the component that allows hackers and other cyber criminals to take a hacked Gmail account and turn it into cash.
There are a number of ways fraudsters use money mules, and they vary extensively from one another. However, fraud operations, or “fraud chains,” can all be split into two main parts: collecting credentials, and the “cashout,” or turning those credentials into cash. In the first part, hackers employ various methods to obtain victims’ credentials: phishing attacks, infecting PCs, infecting Point-of-Sale terminals, skimming credit cards, hacking into the databases of merchants, etc. After the credentials have been obtained, it’s time to turn them into money. For this part of the operation, hackers use money mules, who are often unaware that they are accomplices to a crime.
Here are some of the ways mules are employed:
In a “bank drop” scenario, the mule has a bank account and receives fraudulent transfers from the accounts hackers have stolen credentials for. When the mule receives the transfer, he or she cashes out the money and sends it to the fraudster via Western Union or another money transfer service.
With an “item drop,” a money mule provides a shipping address to which fraudsters send goods that were purchased online with stolen credit card credentials. He or she then ships the items to the fraudster either nationally or internationally.
Other types of mules, such as “Billpay drops,” also existed, but the cashout methods they were involved with became less popular over time as banks increased security in the services the fraudsters exploited.
So how do fraudsters get to a money mule? In the underground economy, there are “mule herders,” or fraudsters who specialize in recruiting mules and managing mule networks. These mule herders offer their cashout services to hackers and fraudsters who focus on obtaining credentials of online accounts like Facebook and Gmail (sometimes using a method called silent hacks). In the early days, mule herding was a local operation, where herders recruited local people whom they sent to open bank accounts. But a more modern approach to finding mules quickly developed when fraudsters realized they could recruit mules more easily by doing what they do best: scamming them over the internet.
There are a few different ways fraudsters recruit mules, which sometimes depend on what kind of “drop” they need the mule to perform. To recruit mules for “bank drops,” fraudsters create and advertise a fake “work from home” opportunity. They create a fake website for a nonexistent company (usually in the shipping field) and then spam job seekers’ emails, advertising the opportunity to work from home as an “account manager.” They claim that the position is designed to help the company’s foreign customers receive funds from banks in the mule’s country. Interested parties are interviewed by phone or email and then receive a contract to sign, largely to make it appear as though the entire operation were legitimate. When the mule starts working, they provide the fraudster with their bank account details, and the cybercriminal in turn uses the mule’s bank account to send fraudulent transfers. Once the money is received in the mule’s account, the mule picks it up and forwards it. His or her “salary” is a percentage of the transferred sum, which the fraudster absorbs as an expense. The mule is usually operational until the bank realizes the account is being used as a mule account (which can take some time, considering it’s the mule’s personal account, which has a legitimate activity history), at which point the bank shuts the account down.
“Item drop” networks operate much the same way, but instead of being recruited as an “account manager,” the mule is recruited as a “shipping manager.” In this case, the mule is promised a salary check at the end of the month—a salary that never arrives.
Mules can also be recruited as witting accomplices, usually from poorer countries. These mules are flown someplace with tickets paid for by the fraudster, and in return they either need to open bank accounts or pick up items. Mules are also flown by fraudsters to the United States, where they open a bunch of mule accounts, extract the fraudulent funds, and fly out.
These are just some examples of the ways money mules are being recruited today. The sad fact is that mules will always be a necessity for fraudsters, and fraudsters will continue to successfully recruit mules to complete their criminal operations. Since mules always get hurt in the end, it’s important to be aware of how they may be recruited so you can avoid becoming a mule yourself.