Euro Security Watch with Mathew J. Schwartz

Fraud Management & Cybercrime , Governance & Risk Management

Don't Be a Money Mule for the Holidays

Cybercrime Money-Transfer Schemes Increasingly Involve Cryptocurrency
Don't Be a Money Mule for the Holidays
Photo: Mangrove Mike, via Flickr/CC

"Money mules" remain a valuable part of the cybercrime ecosystem. These individuals undertake the risky operation of moving money from one place to another on behalf of crooks.

See Also: Cybersecurity Awareness Engagement Toolkit: Elevate Your Security Culture

Don't be a money mule.

"Money mules are recruited, sometimes unwittingly, by criminals to transfer illegally obtained money between different bank accounts," says Action Fraud, the U.K.'s national fraud and cybercrime reporting center. "Money mules receive the stolen funds into their account. They are then asked to withdraw it and wire the money to a different account, often one overseas, keeping some of the money for themselves."

U.S. Computer Emergency Readiness Team guide to understanding and protecting yourself against money mule schemes.

"The most common money mule solicitations are disguised as 'work from home' opportunities," the U.S. Computer Emergency Readiness Team says in a guide aimed at helping people avoid participating in these crimes.

In some cases, however, money mules can be deployed with counterfeit payment cards to withdraw cash or buy goods that get resold on eBay. In other cases, money mules might be dispatched to withdraw money from malware-infected ATMs.

The vast majority of money mule transactions are linked to cybercrime, says the EU's law enforcement intelligence agency, Europol (see ATM Hackers Double Down on Remote Malware Attacks).

Season's Greetings

Money mule recruitment efforts often increase around the holidays, security experts warn.

"Who doesn't want to earn a little extra money - especially during the holiday season?" Raj Samani, chief scientist at cybersecurity firm McAfee, tells me.

Don't buy in. "It is imperative that those tempted by such opportunities are acutely aware that such activities fund crime and the penalties for mules can include prison," Samani says. "Criminals are using these individuals, and it's these individuals who take nearly all of the risk." (See Taiwan Sentences Money Mules in ATM Attacks)

Indeed, Europol last month announced that a repeat global law enforcement operation - dubbed the European Money Mule Action - had identified 766 money mules and 59 money mule organizers operating in Europe, resulting in 159 arrests.

"With the support of 257 banks and private sector partners, 1,719 money mule transactions were reported, with total losses amounting to almost €31 million," or $36.6 million, Europol says. "Among those money mule transactions, more than 90 percent were linked to cyber-related crimes, such as phishing, online auction fraud, business email compromise (BEC) and CEO fraud. For the first time, romance scams and holiday fraud - booking fraud - were reported by law enforcement authorities."

Europol says an increasing number of money mule transactions involve cryptocurrency.

"The recent Europol action against money mules reveals that this is a lucrative industry," Samani says.

Source: Europol

Call for Mules

Europol says men are more likely than women to be targeted to serve as money mules, and especially men between 18 and 34 years of age. Newcomers to a country are also prime money mule fodder for cybercriminals, including "the unemployed, students and people in economic distress," Europol says.

Criminals may attempt to trick individuals into serving as money mules using a variety of techniques, including romance scams (see Nigerians Get Lengthy Prison Terms for 'Romance Scams').

Europol says criminals' attempted money mule recruitment efforts may come in such forms as:

  • Job advertisements that seem legitimate, such as serving as a "money transfer agent";
  • Seemingly legitimate online posts;
  • Direct job offers, either in person or via email;
  • Posts via social media, for example, on closed Facebook groups;
  • Approaches made through instant messaging apps such as Whatsapp and Viber.

With any "get rich quick" or "work from home" schemes, however, it pays to remain cautious.

"If an opportunity sounds too good to be true, it probably is," US-CERT warns.



About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.