Kevin Poulsen at Threat Level has a great item up about the growing menace of "money mules." The term refers to bank customers who've been conned into unwittingly laundering cash that hackers have stolen from business bank accounts. The con and the funny phrase have been around for a while, but the US Federal Deposit Insurance Corporation issued a new warning to American financial institutions about the increasing spread on Thursday. Snip:
Using specialized Trojan horse malware, cybercrooks have been intercepting web-banking credentials from the computers of small and midsize businesses, and then initiating wire transfers to mules around the country. The mules are consumers who’ve been lured into fake work-at-home scams, in which their employment involves receiving money transfers and then forwarding the funds to Eastern Europe, either directly or through other mules.FDIC Warns Banks to Watch for 'Money Mules' Duped by Hackers [ Threat Level via @glennf ]The scheme has exploded in the last year, with the FBI estimating losses at $40 million so far, according to a recent story from WashingtonPost.com reporter Brian Krebs, who’s been closely following the attacks.
[ Image: Bank Safe Online UK ]
RSS Feed
I'm not entirely clear how this works. I sign up for a work-at-home scam. They send me money that they then expect me to send to Western Europe? How can that possibly work if I just take the dirty money and just spend it on myself?
@Apreche: They are criminals. They will find a way to harm you.
If you take the money you don't get any more money. These mules are 90% complicit in the scam and 10% stupid and irresponsible enough to deserve being treated as though they were complicit.
What can I say, sometimes I get that law and order feeling. Sometimes dealing with plausible deniability requires harsh measures.
I protest. There are no actual mules anywhere in this article. Even trojan horses do not have the style and grace of the mighty mule.
Then when the FBI come for you, you don't even have a plausible way to argue that you were duped and shouldn't face the full penalties for fraud, forgery, etc.
Once the scammed business notices their money is missing and contact the bank, it doesn't usually take too long for the bank and LEAs to unwind that the money went to you, the mule; you're the crooks' firebreak to make it harder to track the money from that point on.
I'm not sure why this is news now; as the article said, it has been going on for a couple years, and I would be surprised if it were a mere $40 million/year scam at this point.
@Apreche: For the same reason that most clerks don't just run off with the cash in the till.