Financial institutions should be on the lookout for money mules depositing funds stolen via electronic file transfers, says the Federal Deposit Insurance Corp.

Dark Reading Staff, Dark Reading

October 31, 2009

2 Min Read

The FDIC issued a warning yesterday to banks about the rise in so-called "money mules" being deployed to move money stolen via online banking.

Money mules -- banking customers recruited by fraudsters to take in and transmit stolen funds -- often are hired under the guise of phony "work-at-home" schemes. As unemployment rates have climbed, so have the number of money-mule recruitment and job-related spams that prey on people losing their jobs. Money mules are often lured by promises of hundreds or thousands of dollars an hour to perform jobs such as rebate processing, for instance. The duped money mule usually ends up wiring funds to Eastern Europe, security researchers say.

Several types of transaction events can indicate possible money-mule activity, according to the FDIC. If an account suddenly adds large EFT deposits, or if deposit customers suddenly start sending and receiving funds electronically that are related to business or employment found on the Internet, then this could indicate money mule activity.

Other examples of money-mule operations include a new account that's highly active with large dollar amounts or numbers of EFTs; when an account receives a funds transfer and then shortly thereafter sends wire transfers or cash withdrawals at 8 to 10 percent less than the original transfer; and if a foreign exchange student with a J-1 Visa and a phony passport opens a student account with a lot of EFT deposits and transfers.

"The Federal Deposit Insurance Corporation (FDIC) is warning financial institutions of an increase in schemes to recruit individuals to receive and transmit unauthorized electronic funds transfers (EFTs) from deposit accounts to individuals overseas," according to the FDIC special alert sent to financial institutions. "These funds transfer agents, often referred to as 'money mules,' are typically solicited on the Internet by criminals who have gained unauthorized access to the online deposit account of a business or consumer. In a typical scenario, the criminal will originate unauthorized EFTs from a victim's account to a money mule's deposit account. The money mule is then instructed to quickly withdraw the funds and wire them overseas after deducting a 'commission' (commonly eight to ten percent)."

The FDIC said in its alert that money-mule activity is basically electronic money laundering, and said that stronger identification of customers and high-risk account monitoring practices can help detect such suspicious activity.

Meanwhile, some bad guys are getting cagier about hiding their real money-mule connections. RSA researchers recently discovered a cybergang setting up decoy mule accounts to hide their real mules. Shutting down money mule channels basically stops the money from moving, so fraudsters are motivated to protect this conduit.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights