I like reading my spam. Sounds strange? Perhaps it is, but from the perspective of an eCrime investigator, there’s often something interesting inside a spam folder.
One day I was going through the spam folder of my inbox and came across an interesting job offer. A company was looking for people who could speak English, had an email box and a PC, could work unsupervised, and had no criminal record.
Cool, I fulfilled all the criteria! It seemed like the perfect opportunity for a career change so I sent in my reply: “Oh yes, what do I need to do?”
In no time at all, I received an answer: “We are glad to inform you that you have been chosen for this position. Welcome”. The reply also explained that my new job was a “payment processing manager”. All I needed to do was to receive money in my bank account and transfer it to another account. Very tempting offer, but I decided to stay in my current career.
Why? Because the job offer was a criminal scam. Criminals dupe victims with such offers into helping them launder money. They were trying to recruit “money transfer agents” — also known as money mules. Typically, these money transfer agents or financial operators are promised a 5-10 percent commission for “processing payments” or “transferring funds” through their personal bank accounts.
The mules are asked to set up a new bank account in a local bank and send over the account number. After this, the money starts to flow in. It may be money the criminals are making from online banking scams, stolen credit card numbers, auction fraud or other illegal activities. The mules are instructed to withdraw it in cash and send it further by using money transfer services like Webmoney, E-Gold, Fethard or Western Union. These transfer services can be used for good or bad motives, but the key thing is that they are irreversible and anonymous, making it much harder for investigators to follow where the money goes and catch the criminals.
There are many ways in which criminals use the Internet to recruit money mules. Most common are spam messages and unsolicited emails, as well as job adverts placed on real recruitment sites. Sometimes criminals create (or clone) professional web sites that look perfectly legitimate to the untrained eye or steal the whole template for a web site from a reputable company. On rarer occasions a reputable wesite is ripped off or hacked by criminals and used to host the mule site. In all these cases the criminals aim to convince the job seekers that the employment opportunity is made by a genuine, legal company.
The promise of easy money for a few hours of simple work has lured many people to sign up as money mules. But when the police and banks uncover these cases, the trail always leads only as far as the money mule, not the real criminals. It is the money mule at the bottom of the crime chain who is the first to get caught.
The consequences can be serious. People suspected of receiving and forwarding stolen money may have their bank accounts frozen while they are being investigated. Becoming a money mule can also ruin a person’s credit history and lead to criminal charges.
In one particular attack against a large European online bank system, the real attackers were never found. They infected tens of thousands of home computers with a banking trojan. The trojan modified online transactions on-the-fly while people were doing their normal banking. The trojan wired money from the victims’ accounts to hundreds of accounts that were set up for this purpose.
The accounts had been created by local money mules, and as the accounts were in the same bank that was being attacked, the money was moved without any interbank delays. In this case the money mules were informed with text messages that the money had arrived and they were supposed to wire it to Central Europe via Western Union. The real criminals were never found, but over 200 local money mules were charged in court. Some of the money mules turned out to be grandmothers who were trying to make some extra money with “an easy part-time job”.
So in the end I’m glad I decided to stick with my current job. On the Internet if something looks too good to be true, it often is.