For a more recent article on money mules, read “How Cybercriminals Use Money Mule Accounts to Profit From Online Fraud.”

Money mules are an important element in the process of cashing out compromised financial accounts. A money mule is a person who receives and transfers illegally acquired money on behalf of others and receives a commission in return. Cybercriminals, often located in Eastern European countries, require the help of accomplices located in-country to cash out compromised accounts.

Money mules may be knowing accomplices or unwitting ones. The use of mules is low-risk for the criminals, who remain anonymous, while the mules acting on their behalf run a high risk of being exposed, arrested, convicted and sent to prison.

Schemes for Targeting Knowing Money Mules

The old-fashioned method for fraudsters to recruit a mule was through real-world interactions. Low-level players in organized crime groups (OCGs) or individuals looking to make a quick buck would be tasked with this job. Their job would entail moving money from point A to point B. These professional mules still exist, though anti-money-laundering laws and regulations have become the norm, and financial institutions have created methodologies to better catch these instances. Thus, it is now harder for traditional professional mules to complete their tasks.

OCGs adapted to this new environment by creating a number of schemes focused on unknowing money mules. The role of the professional mule became the mule herder. A mule herder is someone who recruits people to carry out the fraudulent transactions. With technology and the Internet, mule herders no longer have to rely on being physically close to mules to ensure their schemes are completed.

“A single mule herder can run multiple mule operations, each focusing on a different country and language,” writes Idan Aharoni for SecurityWeek. “If in the past most mules were accomplices, today they’re mostly unwitting mules, regular Joes who get scammed into being mules and are not necessarily less innocent than the actual victims of the fraud.”

Professional Mules

Professional mules are adapting to today’s technologies and utilizing commercially available crimeware to complete their fraud. Crimeware is a type of malicious software designed to carry out or facilitate illegal online activity.

A well-known case involved a cyber-ring of 70 money mules that defrauded U.S. and U.K. banks of millions of dollars by utilizing the Zeus Trojan crimeware. The Zeus Trojan runs on Microsoft Windows operating systems and is used to carry out criminal tasks such as stealing banking information and installing CryptoLocker ransomware. It spreads through phishing schemes and malicious downloads.

The majority of the criminals were from Russia, Kazakhstan, Belarus and Ukraine and comprised a mule organization of mule herders, individuals who obtained false passports and the mules themselves. While some of the individuals in this scheme were unaware of the fraud, the majority of the players were knowing participants in the operation. The controllers of the malicious Trojan spread it to victims’ PCs through email. Once a victim’s computer was infected, the malware let the attackers steal the victim’s banking information, thus allowing for the transfer of money from victim accounts to mule accounts. The mules would then withdraw the funds and send them to their accomplices, keeping a small portion for themselves.

Another example of a professional mule operation is the auto auction fraud scheme. Criminal groups, often in Romania, establish online auctions for nonexistent cars or merchandise. Victims who respond to the fraudulent listings are instructed to send payment to a mule account. The mule then transfers the proceeds overseas to his or her co-conspirators. One of the most well-known professional auto auction money mules is Romanian Adrian Ghighina, who pleaded guilty to wire fraud in 2011. According to the U.S. Department of Justice, Ghighina acted as a money mule for four years, moving around the United States and opening bank accounts under fake names. The accounts were used to receive the illicit proceeds from victims of the auto auction fraud.

J-1 Visa Money Mules

The State Department’s J-1 Visa Exchange Visitor Program is a cultural exchange initiative. There are many subprograms for purposes such as au pair work, visiting physicians, scholarly research and internships. The program also includes the Summer Work Travel and University Student programs, which have been exploited by OCGs to recruit and place money mules within the United States.

Young adults are recruited in their home countries through social networking sites, online advertisements and personal contacts to serve as money mules while working or studying in the United States. The mules open an account and provide that number to their handler or to the OCG. The OCG hackers use various online techniques to compromise the online banking credentials of consumers. Once the credentials are compromised, the OCG may initiate an Automated Clearing House (ACH) transfer to the account of the mule, who will then transmit the funds electronically to the OCG or will withdraw them in cash and smuggle the cash back to his or her home country for delivery to the OCG.

Perhaps the largest and most famous takedown of a J-1 Visa operation was Operation ACHing Mules in 2010. Charges against 37 people acting as mules or mule herders were filed in the Southern District of New York. The international fraud ring, based in Eastern Europe, was responsible for stealing more than $3 million from small businesses and municipalities.

The ring recruited young adults who had J-1 Visas through Russian social network sites. The mules were then provided with fake passports. Once in the United States, they opened bank accounts under aliases. The accounts were destination points for ACH transfers from compromised victims’ accounts. The illicit funds were either sent back to Eastern Europe via ACH or the mules withdrew cash from an ATM and smuggled it overseas.
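The account flow described above (a recently opened account receives an ACH credit, and most of it leaves again by electronic transfer or cash withdrawal) can be expressed as a monitoring rule. The following is an added example, not code from the article or from any institution's program; the field names, transaction type labels and thresholds are assumptions chosen for illustration, and the data is constructed.

```python
from datetime import datetime, timedelta

# Assumed tuning values (not from the article); calibrate against real data.
NEW_ACCOUNT_DAYS = 90                       # account age treated as "recently opened"
PASS_THROUGH_WINDOW = timedelta(hours=72)   # how quickly the money leaves again
PASS_THROUGH_RATIO = 0.80                   # share of the credit that is moved out
OUTBOUND_TYPES = {"ACH_DEBIT", "WIRE_OUT", "ATM_WITHDRAWAL"}

def find_pass_through(accounts, transactions):
    """Return alerts for new accounts where an inbound ACH credit is
    mostly moved out again (electronically or as cash) within the window."""
    alerts = []
    by_account = {}
    for tx in sorted(transactions, key=lambda t: t["ts"]):
        by_account.setdefault(tx["account"], []).append(tx)
    for acct_id, txs in by_account.items():
        opened = accounts[acct_id]["opened"]
        for credit in txs:
            if credit["type"] != "ACH_CREDIT" or credit["amount"] <= 0:
                continue
            if (credit["ts"] - opened).days > NEW_ACCOUNT_DAYS:
                continue  # long-standing account: outside this rule's scope
            deadline = credit["ts"] + PASS_THROUGH_WINDOW
            moved = sum(t["amount"] for t in txs
                        if t["type"] in OUTBOUND_TYPES
                        and credit["ts"] < t["ts"] <= deadline)
            if moved >= PASS_THROUGH_RATIO * credit["amount"]:
                alerts.append({"account": acct_id, "credit": credit["amount"],
                               "moved_out": moved,
                               "ratio": round(moved / credit["amount"], 2)})
    return alerts

# Constructed sample data, not real accounts or transactions.
ACCOUNTS = {
    "A-100": {"opened": datetime(2024, 6, 1)},   # opened two weeks before the credit
    "B-200": {"opened": datetime(2019, 3, 12)},  # long-standing account
    "C-300": {"opened": datetime(2024, 6, 5)},   # new, but the funds stay put
}
TRANSACTIONS = [
    {"account": "A-100", "ts": datetime(2024, 6, 14, 9), "type": "ACH_CREDIT", "amount": 9200.0},
    {"account": "A-100", "ts": datetime(2024, 6, 14, 15), "type": "ATM_WITHDRAWAL", "amount": 800.0},
    {"account": "A-100", "ts": datetime(2024, 6, 15, 10), "type": "WIRE_OUT", "amount": 7600.0},
    {"account": "B-200", "ts": datetime(2024, 6, 14, 9), "type": "ACH_CREDIT", "amount": 5000.0},
    {"account": "B-200", "ts": datetime(2024, 6, 14, 12), "type": "WIRE_OUT", "amount": 4900.0},
    {"account": "C-300", "ts": datetime(2024, 6, 14, 9), "type": "ACH_CREDIT", "amount": 3000.0},
    {"account": "C-300", "ts": datetime(2024, 6, 20, 9), "type": "ATM_WITHDRAWAL", "amount": 200.0},
]

print(find_pass_through(ACCOUNTS, TRANSACTIONS))
```

Only A-100 is flagged here; a rule like this produces leads for analyst review and is meant to be combined with other signals rather than used on its own.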

Be On the Lookout

The unequivocally knowing mules are those who enter the illicit arrangements fully aware of the illegal nature of what they are doing. Money mule transactions, particularly from mules acting in complicity with the crime group, represent a serious anti-money-laundering compliance threat for which financial institutions may be subject to punitive fines. Identifying money mule accounts is a challenge for anti-money-laundering programs. The Federal Deposit Insurance Corporation has highlighted additional red flags that can be used to help identify mule activity, which can be found in a previously reported Security Intelligence article, “Money Mule Targets: The Extremely Gullible and Financially Distressed.”
