"Money mules" remain a valuable part of the cybercrime ecosystem. These individuals undertake the risky operation of moving money from one place to another on behalf of crooks.
Don't be a money mule.
"If an opportunity sounds too good to be true, it probably is."
"Money mules are recruited, sometimes unwittingly, by criminals to transfer illegally obtained money between different bank accounts," says Action Fraud, the U.K.'s national fraud and cybercrime reporting center. "Money mules receive the stolen funds into their account. They are then asked to withdraw it and wire the money to a different account, often one overseas, keeping some of the money for themselves."
"The most common money mule solicitations are disguised as 'work from home' opportunities," the U.S. Computer Emergency Readiness Team says in a guide aimed at helping people avoid participating in these crimes.
In some cases, however, money mules can be deployed with counterfeit payment cards to withdraw cash or buy goods that get resold on eBay. In other cases, money mules might be dispatched to withdraw money from malware-infected ATMs.
The vast majority of money mule transactions are linked to cybercrime, says the EU's law enforcement intelligence agency, Europol (see ATM Hackers Double Down on Remote Malware Attacks).
Money mule recruitment efforts often increase around the holidays, security experts warn.
"Who doesn't want to earn a little extra money - especially during the holiday season?" Raj Samani, chief scientist at cybersecurity firm McAfee, tells me.
Don't buy in. "It is imperative that those tempted by such opportunities are acutely aware that such activities fund crime and the penalties for mules can include prison," Samani says. "Criminals are using these individuals, and it's these individuals who take nearly all of the risk." (See Taiwan Sentences Money Mules in ATM Attacks)
Indeed, Europol last month announced that a repeat global law enforcement operation - dubbed the European Money Mule Action - had identified 766 money mules and 59 money mule organizers operating in Europe, resulting in 159 arrests.
"With the support of 257 banks and private sector partners, 1,719 money mule transactions were reported, with total losses amounting to almost €31 million," or $36.6 million, Europol says. "Among those money mule transactions, more than 90 percent were linked to cyber-related crimes, such as phishing, online auction fraud, business email compromise (BEC) and CEO fraud. For the first time, romance scams and holiday fraud - booking fraud - were reported by law enforcement authorities."
Europol says an increasing number of money mule transactions involve cryptocurrency.
"The recent Europol action against money mules reveals that this is a lucrative industry," Samani says.
Call for Mules
Europol says men are more likely than women to be targeted to serve as money mules, and especially men between 18 and 34 years of age. Newcomers to a country are also prime money mule fodder for cybercriminals, including "the unemployed, students and people in economic distress," Europol says.
Criminals may attempt to trick individuals into serving as money mules using a variety of techniques, including romance scams (see Nigerians Get Lengthy Prison Terms for 'Romance Scams').
Europol says criminals' attempted money mule recruitment efforts may come in such forms as:
- Job advertisements that seem legitimate, such as serving as a "money transfer agent";
- Seemingly legitimate online posts;
- Direct job offers, either in person or via email;
- Posts via social media, for example, on closed Facebook groups;
- Approaches made through instant messaging apps such as Whatsapp and Viber.
With any "get rich quick" or "work from home" schemes, however, it pays to remain cautious.
Money muling is a crime. Consequences can be severe for you. Report it to your bank and national law enforcement authority if you suspect you might be part of a money mule scheme #dontbeaMulehttps://t.co/DD30nYfR1P pic.twitter.com/Y0N606Vpj7— Europol (@Europol) December 1, 2017
"If an opportunity sounds too good to be true, it probably is," US-CERT warns.