An online service boldly advertised in the cyber underground lets miscreants hire accomplices in several major U.S. cities to help empty bank accounts, steal tax refunds and intercept fraudulent purchases of high-dollar merchandise.
The service, advertised on exclusive, Russian-language forums that cater to cybercrooks, claims to have willing and ready foot soldiers for hire in California, Florida, Illinois and New York. These associates are not mere “money mules,” unwitting and inexperienced Americans tricked and cajoled into laundering money after being hired for bogus work-at-home jobs. Rather, as the title of the ad for this service makes clear, the “foreign agents” available through this network are aware that they will be assisting in illegal activity (the ad refers to them as неразводные “nerazvodni” or “not deceived”). Put simply: These are mules that can be counted on not to freak out or disappear with the cash.
The rest of the ad reads:
“We provide convenient service to our partners:
- Unique administrative interface – fast response
- We will react momentarily to any new task
- Adapt every action of a money mule to client’s requirements
- Timely payments via WebMoney/Liberty Reserve/Western Union, cash conversion with WU/MG
- Cashout of tax return, D + P (dump & PIN, cashout of debit cards stolen via skimming)
- Receive over mail or expensive merchandise pick up in a store
- Mules are available for other interesting transactions
We work only by reference.”
The proprietors of this service say it will take 40-45 percent of the value of the theft, depending on the amount stolen. In a follow-up Q&A with potential buyers, the vendors behind this service say it regularly moves $30,000 – $100,000 per day for clients. Specifically, it specializes in cashing out high-dollar bank accounts belonging to hacked businesses, hence the mention high up in the ad of fraudulent wire transfers and automated clearinghouse or ACH payments (ACH is typically how companies execute direct deposit of payroll for their employees).
According to the advertisement, customers of this service get their very own login to a remote panel, where they can interact with the cashout service and monitor the progress of their thievery operations. The service also can be hired to drain bank accounts using counterfeit debit cards obtained through ATM skimmers or hacked point-of-sale devices. The complicit mules will even help cash out refunds from phony state and federal income tax filings — a lucrative form of fraud that, according to the Internal Revenue Service, cost taxpayers $5.2 billion last year.
Foreign Agents is one of the more renowned complicit cashout services in the underground, and has been around for at least three years. The following screen shot was taken from an ad for this service that was placed in several parts of the underground back in 2009. The text reads, “Army of professional [knowing] mules in the USA awaiting your exact commands.”
It’s worth noting that the stereotypical complicit mule traditionally has been a student from Russia or Eastern Europe who is here in the United States on what’s known as a J1 visa, meaning they have the legal right to work for a few months and travel the country for a short time before heading back home. In 2010, the U.S. Justice Department targeted one such network in New York City, charging more than three dozen J1s with knowingly assisting in the theft of funds from organizations that had been victimized by cyber fraud. Most of those charged in that case were either incarcerated or deported, but federal investigators familiar with the crime say there are J1 money mule recruitment networks in nearly every major city in the United States today.