Previous posts have discussed how cybercriminals adapt their ploys to conform to societal conditions; therefore, it’s no surprise that all types of employment scams have emerged in response to the global recession. We recently posted about an online employment scam, known as a mule operation, that is becoming more prevalent. Cybercriminals prey on desperate job seekers by posting fake job ads and “hiring” applicants to ship goods with stolen funds. At the end of the scam, the “mules” unwittingly participate in an illegal operation and are left without a job or any type of compensation. In these situations, the mule ships actual goods, but another type of mule is aiding phishing scams at an even more alarming rate.
Known as “money mules” or “phishing mules,” these participants aide cybercriminals by illegally transferring money from compromised bank accounts. The phisher steals a victim’s personal account information and gives it to the mule, who typically also has an account at the same bank. After accessing the victim’s account with the stolen information, the mule then illegally transfers money to his/her own account and wires a portion of the funds to the cybercrook, keeping a percentage of the stolen cash as commission.
Cybercriminals use mules to commit cyberfraud because it makes tracking the crime that much more difficult. Mules also allow crooks to make several transfers without tipping off bank alerts that are triggered when a large sum of money is transferred (usually anything over $10,000). A 2007 article estimates that mules are used in 10,000 to 20,000 cyberfrauds annually. Over the last few years, this scam has become even more popular. In 2009, the FBI’s Internet Crime Complaint Center (IC3) reported that cybercriminals used money mule scams to steal approximately $100 million from small to mid-sized businesses.
While mule operations dupe job seekers into participating in illegal actions, not all money mules are unaware of their involvement in a crime. Graham Cluley, Senior Technology Consultant with Sophos, said that cybercrooks often prey on those who are desperate for money and unaware that the “job” is illegal. However, other participants are fully aware of their involvement in a cybercrime. “We’ve seen gangs trying to recruit mules, appealing to working moms and the like, saying they can make loads of money from home,” Cluley said. “Some people don’t know what they’re involved in and are just being manipulated. Others do know what’s going on and are willingly helping squirrel money out of the country.”
The most common ploys used by cybercriminals to recruit money mules include work-at-home ads, mystery shopper jobs, and befriending over social networks. So even if you’re desperate for cash, remember that if an online opportunity appears to good to be true, it certainly is!