Money Mules

Internet phishing operations are growing and becoming more successful at stealing money from people. phishing is the practice of sending emails that appear to be from a bank or credit card company and asking the recipient to verify their information by clicking a link in the email which takes them to an official looking website for their bank or credit card company. Once on the site the person is asked to enter their account number, social security number and other compromising personal information. With this information the phisher has access to their accounts.

Currently, most phishers operate out of the former Soviet Union and their main targets are in the United States, the United Kingdom and Australia. With their phishing operations a success, in terms of the very large number of people who have provided account information, the phishers have a new problem in the form of how to move the large sums of money acquired from the victims in the west to themselves in the east without attracting suspicion. 

Enter the money mule. Just as drug smugglers at one time solved the problem of moving large amounts of drugs into recipient countries without arousing suspicion by recruiting and using thousands of poor peasants (whom they referred to as mules) to carry the drugs across borders in small amounts, the phishers have now turned to duping thousands of individuals into accepting relatively small amounts of money stolen from people's accounts and transferring the funds to the phishers in the former Soviet Union. In the case of drugs, the peasants knew that what they were doing was illegal but, being very poor and out of work, they accepted the jobs. In the case of money mules, the phishers need to recruit people from countries that are not poor. In the U.S., U.K and Australia the recruiting bait that the phishers use is the promise of a job from home using your computer.

Phishers advertise positions on legitimate Internet job sites, spam emails, chat rooms, special websites and other places on the Internet. The jobs offered often have titles like sales rep, payment processing, shipping, etc. phishers go to great lengths to make the jobs look legitimate and this includes having prospective money mules complete application forms and job contracts. The targets of this recruitment process are usually unaware that these are not legitimate business opportunities. The ranks of legitimate telecommuters, people working for an employer from home with their computers, and small, home based businesses are growing rapidly and the phishers are using this trend to recruit for their own illegal schemes.

The phishers make fraudulent purchases with the credit cards and bank accounts they have gained control over and direct the payments for the purchases to the accounts of their money mules. The money mules then subtract an agreed upon commission and wire transfer the remainder of the funds to the phisher's account in one of the nations of the former Soviet Union. Because legitimate credit card transactions are often handled by either third party firms or subsidiaries of the selling firm, it is often difficult for a person to identify the source of all of the charges on their account. While a person might not question a charge to XYZ Holdings or an ATM withdrawal at Central 201, their attention would be drawn to transactions that occurred in places like Belarus or Moldova and quickly report them. Being local, money mules help keep the fraud from being discovered. Similarly, large transfers of funds from an account in the west to an account overseas attract the attention of law enforcement while small transfers are more likely to go unnoticed as many people remit money to family and friends abroad or make purchases abroad via the Internet. In this way the money mules have become a critical element in the phishers operations.

While law enforcement is doing its best to put an end to phishing the real solution will be a better educated and more sophisticated public. phishers gain access to account information when unsuspecting people give the information to them. Long before the Internet existed, banks were warning customers not to give account information to people who call on the phone. Banks routinely stress in advertising and postings in their lobbies that they never have their employees call and ask for critical account information. With the Internet they stress that they do not ask for Account numbers, Social Security numbers and the like via email (they do ask for this if you go to their website to open up an account but that involves you going to them, not them coming to you with the request). In addition to guarding their account information, consumers should also review their accounts regularly and question transactions that they do not remember making. People who bank online have an advantage here in that, rather than waiting until the end of the month for their statement to be mailed, these people view transactions online frequently. This allows them to detect and report fraud faster. Also, by viewing the account regularly, online users are more likely to remember transactions from the past few days and quickly notice ones that they do not remember making. As to the money mules, the advice is to know who you are dealing with. Educating the public to the existence of such operations is a first step. People who are aware of how these operations work are more likely to analyze job offers of this type more critically than those who are ignorant of the dangers that exist in the world.