26
Apr 10

To Catch a Mule


Much digital ink has been spilled in this blog detailing the activities of so-called “money mules,” willing or unwitting individuals here in the United States who are lured into laundering money for international organized cyber crime gangs. The subject almost always generates fierce debate among readers about whether these mules should be prosecuted, and the debate usually hinges on whether the mules knew that they were contributing to a crime.

Of course, ignorance of the law is no excuse, and this blog entry is in no way meant to defend the mules. But I did want to shed more light on the efforts that some mule recruitment gangs take to help potential mules believe they are in fact working for a legitimate company.

Take, for example, the efforts of what we’ll call the “Back Office” mule recruitment gang — so named because the Web sites used to recruit and manage these folks almost always include the term “backoffice”. Potential Back Office mules are recruited via e-mail, with a message stating that the employer found the recipient’s resume on a job search site and asking whether he or she would be interested in working as a financial agent in an international finance company.

Those who respond are directed to create an account at a Back Office site, and from there the new recruits are processed through a series of interviews. According to conversations with multiple mules recruited by the Back Office gang, the process normally starts with a lengthy telephone interview, wherein the recruit is asked about his or her work history, ethics and attitudes.

Following the verbal interview, mules are asked to complete a lengthy questionnaire that asks roughly three dozen questions, including many that one might expect to find in a legitimate interview for a professional position.

“How do you evaluate success?”

“What classes or seminars have you taken on your own during the last three years to advance your careers and personal growth?”



28 comments

  1. Thanks again Brian for keeping this issue alive and in public awareness.

    I don’t think we could ever overstate the importance of your blog in getting any public awareness of this issue at all. You make it quite clear that this is not just something of interest to computer and security geeks.

  2. Great articles on cyber-fraud and its many attributes.

    Two comments on this article: (1) it seemed like it was meant to be longer but was cut off, and (2) you do not mention the risks the money mules have taken by supplying a lot of non-public personal information with the fake employers (SSAN, Bank Information, Address, etc).

    I do not support the mules and would like to catch them before they act but they are also at high risk for identity theft.

  3. Regardless of how legit these things may initially appear, they NEVER quite pass the smell test for me. I understand how people can become desperate and can get into these things either unknowingly or knowingly. Believe me, I’ve been there.

    Maybe some of us have a sixth sense about these things and thus they never pass the smell test. Then again, it could be my highly critical nature and cynicism. ;)

    Or it could be something larger. From observing people’s behavior over the years, I’ve noticed many seem to have blinders on. They go about their lives oblivious to many things around them and to how their actions affect others. I don’t know if we’ve become outright lazy in our thinking or we’ve cultivated a lack of critical thinking skills in our society as a whole.

    • If intelligence is the ability to adapt to change, you would predict that the people least able to interpret a financial “smell test” would also be more likely to end up out of work in a recession.

      And you have to accept that some people’s education and reading skills are really not adequate. If someone can’t spell or use correct grammar himself, he does not have the ability to spot one of the most obvious signs of a scam, poor English style.

      Don’t assume these sorts of judgments are as easy for everyone as they are for you. If you’re reading this blog, most likely you went to schools where students were expected to do a significant amount of reading, and you probably had parents who made a point of correcting poor grammar and spelling when you were small. You probably have even added words to your vocabulary from reading rather than hearing them. If you see a long section of text, you have the choice of reading it carefully or skimming it. For someone with a low reading level, who may have attended one of the famous “failing schools,” it’s like reading a foreign language, decoding one word at a time while trying to develop a sense of the whole. It’s just harder for some people than for others.

      • What a pile of hooey! People fall for scams because they are greedy or desperate. The Nigerian bank scams and foreign lottery scams were doing fine long before the recession began.

        What evidence do you have that the loss of jobs in a recession correlates to the response rate to scams? Or that falling for scams is related to education, reading skills, and intelligence?

        According to the Bureau of Labor Statistics, financial activities shed 21,000 jobs, with the largest losses occurring in insurance carriers and related activities in March 2010. Employment in the information industry decreased by 12,000. Both groups tend to have high levels of education.

        http://www.bls.gov/news.release/empsit.nr0.htm

        Although the unemployment rate is much higher for people with less education, that has always been the case, and hasn’t changed over the last year.

        http://www.bls.gov/news.release/empsit.t04.htm

        • I wasn’t trying to make any statistical statement about the recession. I’m just trying to encourage people to see things from another point of view before passing judgment. If you have poor reading skills, it looks like a job, not a scam. If you have poor math skills, you aren’t calculating what your effective hourly reimbursement will be. Are you greedy if you expect to be paid when you work, or if you prefer an easy job that pays well to a difficult job that pays poorly? In a world where people make money to take experimental drugs or to donate eggs for IVF, is it so difficult to believe that making money transfers for someone who can’t physically visit the bank can’t be a legitimate job?

          People who fall for the Nigerian scams may well get into it knowing they are doing something illegal, but they believe they will get away with it. In contrast, if money mules understood they were doing something illegal, they would also know they had no hope of getting away with the crime, since the bank accounts are in their names.

          And as far as personal evidence, I do know people who have nearly been sucked into these schemes and who asked me to advise them. They did the best they could to figure out if there was a catch, but they would have been taken in if no one had been available to explain it to them.

          • You make a good point. Although there will be some that suspect this is an illegal activity I would bet the majority don’t.

            Anyone who has stayed up late working with the TV on will have seen many advertisements for easy ways to make a fortune in just a few hours a day by just following a few steps in someone’s new money making scheme. You don’t need any special skills or knowledge, just follow a few easy steps in your spare time. This is accompanied with success stories, average joes standing by their new car, in front of their new house, who made x thousand dollars in the first week.

            And these are advertised on all the major cable channels, usually with a quick disclaimer at the beginning that the station is not endorsing it. There have to be many people falling for these “get rich quick” schemes to justify the advertising. So I don’t find it that unusual that people would fall for the more sophisticated job scams on the internet.

            Frankly, I feel anytime you can make a lot of money in a few hours a day with no special skills, even if it’s legal, someone is getting ripped off. The lure of making more money than your neighbor, having a fancier car or a bigger house seems to suspend moral judgement with a lot of people. This is what the ‘money mule’ recruiters rely on. And it will make no difference how many ‘mules’ you arrest or how severe the punishment, there will always be more standing in line for the job.

            The solution is in reducing the number of bots installed. This can be done by requiring registrars and web hosting sites to respond more quickly to reported abuse. These are the people who should be fined and/or arrested for blatantly disregarding the criminal activity in which they played an important role.

        • Statistics don’t lie, the conclusions drawn from them however are quite often faulty.

          “pile of hooey!”
          I don’t see that your references support that conclusion.

          “Both groups tend to have high levels of education.”
          First, the groups you mention, financial and information, were not the only groups which lost jobs.
          Second, within these groups there are many jobs which do not require higher education.

          “Although the unemployment rate is much higher for people with less education, that has always been the case, and hasn’t changed over the last year.”
          If the unemployment rate is much higher for people with less education and the employment rate has risen over the last few years, then it follows the number, not the percentage, of unemployed with less education has risen as well.

  4. Great article. Makes it much clearer how these predators operate. Every new piece of information demonstrates what a well designed racket this is.

  5. Brian

    “Working as a financial agent in an international finance company” comprises part of the job description? How could someone who is “in finance” be duped this easily? And if you have no finance experience, I wonder what kind of questions the potential mule is asking? For a finance job, most people would prepare for the job by doing some type of background search on the company. The whole thing smells fishy, and to me, I still think the mules should be prosecuted because they didn’t do any due diligence on their part. Plus, a multitude of red flags should go off when you get instructions to send money using Western Union. We know “the company” has the mule’s banking information. Of course the company isn’t legit – and even if we pretend – it should bank with a real financial institution. So why not transfer the money to another financial institution instead of using Western Union? To me, this scam is an update on the emails from the “financial advisors” who work for African princes who need to get money out of “X” country. Why shouldn’t the mule go to jail, they were involved in a crime. It’s like the cyber version of receiving stolen property.

  6. Have any mules ever duped the gangs with a ton of fake personal info, collected their check, cashed it out at a check cashing place, and then walked?

    • “their check” is stolen funds. All this behavior would do is transform the mule from an unwitting innocent intermediary to a consciously larcenous thief.

    • I don’t think that I would want to double-cross any of these guys. There are just too many ways for them to find out who you are.

      Yes, you may be able to put fake information on an application, but you have to have a real bank account for this to work. If they can get the money from a small business account, then they probably can find out who the ‘send to’ account belongs to.

      Since most of these crooks are in Eastern European countries and Russia, I don’t think I would take the chance.

      Plus, like InfoSec Pro mentioned, you have crossed the path from possibly being an unknowing accomplice, to outright thief. Now, you’re in trouble.

      • Just to clarify, I’m not advocating it.

        It seems there are enough of these specific operations floating around that they would have started planting mules and ripping each other off at this point. (If you’re looking for an analogy, drug gangs raid and rip each other off with amazing frequency to control turf and marketshare.)

        Brian’s (excellent) post here links to an extensive ‘vetting’ process the gangs have put into place to dupe the mule into believing it’s a real company. But I am wondering if the vetting process is also to help convince the other side that they’ve got a gullible mule – and not someone looking to rip /them/ off.

        • Exactly. Some of the more open-ended questions would allow someone with a real financial or other professional background to state their qualifications and goals. To protect themselves, Back Office can simply reject the smart guys.

          A real international finance outfit would purchase such a questionnaire from a psychological testing outfit. This one is totally amateurish — no human resources department would have anything to do with it. Most professionals would be put off by it and proceed no further. Who wants to work for Dilbert’s boss?

  7. Dealing with the mule is shutting the stable door after the horse has bolted.
    Once the money has left the bank account it’s gone.
    It’s only a small step from gangs having mules to them having mule accounts – with owners knowing nothing about money passing through the accounts.

  8. Maybe the US Federal Government should give “Western Union” and any other outfit like Western Union a big fine for allowing these money mule funds to be transferred through them. Isn’t that being part of the criminal act also?

  9. Mr. Krebs,

    In the past I have asked you if there is anyone interested in knowing about money mule recruitment. I, like many of your readers, have received the come-ons from MM recruiters. Who do we tell?

    If the recruiting e-mail mentions a specific bank, I have tried searching the bank’s website and sending a message to the bank’s security or fraud office, but have never heard back. From talking to a local banker, I found many of them have e-mail filters that reject messages from unknown senders. It seems they are burying their heads in the sand.

    It seems to me that everyone knows that MMs are a part of the problem yet no one wants to do anything about it.

    If you were to investigate and report on how to expose MM recruiters to relevant authorities, that would be a great service to the InfoSec community.

  10. While I agree there seems to be a laziness / lack of diligence from the mules, the victims are also lazy / lack of diligence, into not protecting themselves and further thinking /checking with the bank when the scam happens…

    Everyone in this scam is caught off guard. And the victim sees this one person that “could have a difference” and throw their wrath upon them…

    Blaming the mules does not take away the fact a corporate/business computer was used for personal browsing (or any browsing at all, period) and that is the basis for the attack. IMHO, not the mule

  11. If these mules were responsible, aka fined, for their actions.
    This would stop. Law makers should hold them accountable for 10x the money they transfer. Have their property seized immediately.
    The funds could pay for law enforcement, legal fees and the impacted business.

  12. I propose that each US Attorney conduct a very public prosecution of a money mule in his/her district. It is likely that most of these prosecutions would fail on the issue of criminal intent, usually necessary for a felony conviction. But the public good would be served by the publicity — educating potential mules in each major TV market.

  13. I disagree with emv x man when he says that identifying the money mules is like closing the barn door after the horse has escaped.

    Identifying the money mules before they receive the money will give the authorities two avenues to attack. At a minimum, the authorities will be able to identify the attacked company at or before the money goes overseas. Secondly, the authorities can take and further develop the e-mail thread with the bogus employers to hopefully close in on, or at least close down, the people operating a particular bogus employer site.

    Money mules are the key to the whole scam. The bad guys can’t move the funds in sufficient quantity without a number of mules.

    The financial institutions should be using their Bank Secrecy Act/Anti-money laundering training to target the money mules at or shortly after account opening.

  14. Brian, did the mules steal the rest of your article too? :-)