
Computer Crime's Unwitting Accomplices

Electronic 'mules' absorb the risks in online money-laundering scams, often without knowing they're doing anything wrong

MAKE EXTRA $$$ WORKING FROM HOME! NO SPECIAL SKILLS REQUIRED! EARN HUNDREDS OR THOUSANDS EACH MONTH!

If you've seen messages like this in your email box, you might recognize them as spam. But you might not recognize that many of them are recruiting posters for one of the fastest-growing segments of the cyber crime economy -- the online mule.

A "mule" is an intermediary who carries goods or money on behalf of a paying criminal. In the drug trade, a mule might help with deliveries or smuggling. In credit card schemes, a mule buys goods with stolen credit cards and shares the proceeds with the card thief. In both cases, mules usually know they are participating in a crime.

But Gunter Ollmann, director of security strategy at IBM Internet Security Systems, says there is a new category of mule that is increasingly -- and sometimes unwittingly -- playing a critical role in the business of phishers and online identity thieves.

"When a phisher steals money from a victim's bank account, he obviously doesn't just route that money to his own account and spend it," Ollmann explains. "If he did that, he'd be caught right away, because the bank can monitor the money's trail. So most phishers need help from mules to help launder the money -- and that's who they're trying to recruit when they send out those 'work from home' spam messages."

The process works like this, according to Ollmann. When a phisher starts a major spam campaign, he also initiates a separate campaign to recruit the mules he'll need to launder the money he's getting from the phishing victims. While he's emptying the bank account of the victim, he's asking other banking customers to accept small fractions of the money into their accounts.

Once the mules have those electronic funds, they may transfer the bulk of them to another country where they can't be traced, or simply write a paper check to buy goods that can be resold for cash. Sometimes the mule simply gets cash and transfers it to another location via Western Union. However the transfer is done, the mules get to keep a portion of the money for themselves.

But while some mules know that what they're doing is illegal, many others do not, Ollmann observes. "Some of these money laundering schemes look very legitimate," he says. "The phisher might say they are a company that is looking to gain a tax advantage by having the user handle the money, or they might say they want the mule to do some purchasing on behalf of their company. Their communications are very professional, and their Websites look very established."

Phishers often take advantage of mules who don't know they can be detected or prosecuted for participating in money-laundering schemes, Ollmann says. "They get a lot of high school or college students who think they won't get prosecuted, even if they are caught."

Banks are constantly on the lookout for suspicious funds transfers, even before a theft occurs. But they can't monitor every transaction, so they usually put a minimum -- say, $1,000 -- on the transfers they monitor. "The goal of the phisher is to make transfers that are smaller than that minimum, so that the bank won't detect them," Ollmann explains.

But as identity theft becomes more common and banks raise their antennas to detect these schemes, that "minimum" transfer is shrinking, Ollmann says. "To continue to operate under the radar, [phishers] need to work in smaller and smaller transaction sizes. Some of the banks have lowered their thresholds to a few hundred dollars."
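An added illustration, not from the article or from any bank's actual system: a per-transfer minimum like the one Ollmann describes, run beside an aggregate check that sums each account's sub-minimum transfers over a time window. The account names, amounts, 24-hour window and three-payee cutoff are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample ledger: (time, source account, destination account, USD amount).
TRANSFERS = [
    ("2024-01-08 09:02", "victim-01", "payee-a", 950.00),
    ("2024-01-08 09:05", "victim-01", "payee-b", 900.00),
    ("2024-01-08 09:09", "victim-01", "payee-c", 975.00),
    ("2024-01-08 09:14", "victim-01", "payee-d", 925.00),
    ("2024-01-08 10:30", "cust-77", "landlord", 1400.00),
    ("2024-01-08 11:00", "cust-42", "friend-x", 120.00),
    ("2024-01-09 16:20", "cust-42", "friend-y", 80.00),
]


def per_transfer_alerts(transfers, minimum):
    """Rule described in the article: only transfers >= minimum are reviewed."""
    return [t for t in transfers if t[3] >= minimum]


def fan_out_alerts(transfers, minimum, window=timedelta(hours=24), min_payees=3):
    """Assumed aggregate rule: flag a source whose sub-minimum transfers inside
    one window total at least `minimum` and reach `min_payees` distinct payees."""
    by_source = defaultdict(list)
    for ts, src, dst, amount in transfers:
        if amount < minimum:  # only the transfers the per-transfer rule ignores
            when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
            by_source[src].append((when, dst, amount))
    alerts = {}
    for src, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            total = sum(amount for _, _, amount in span)
            payees = {dst for _, dst, _ in span}
            if total >= minimum and len(payees) >= min_payees:
                alerts[src] = (round(total, 2), len(payees))
    return alerts


if __name__ == "__main__":
    print("per-transfer, $1,000 minimum:", per_transfer_alerts(TRANSFERS, 1000))
    print("aggregate fan-out:", fan_out_alerts(TRANSFERS, 1000))
    print("per-transfer, $300 minimum:", per_transfer_alerts(TRANSFERS, 300))
```

With the $1,000 minimum, the per-transfer rule reviews only the single $1,400 payment, while the aggregate check flags the account that sent four sub-minimum transfers to four payees within minutes.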

As a result, phishers now need more mules than ever, and their recruiting campaigns have intensified. "We're seeing more recruiting spam, and it's becoming more sophisticated, so more people are being taken in," Ollmann says.

But users shouldn't have any illusions about making a few extra bucks by playing mule, Ollmann warns. "Mules do get prosecuted -- in fact, they're more likely to get prosecuted than the phishers, because the bank can trace the money to their accounts. The life of a mule is pretty short. They might only operate for two to four weeks before they're caught."

IT and security pros should take care to advise their users about these phishing/spam campaigns and keep them from getting sucked in, Ollmann says. "These offers look pretty attractive, even to people who are already employed and doing well. It can be easy to get fooled."

— Tim Wilson, Site Editor, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
