Breaking the money mule’s back

Nowadays, cybercriminals open up to 90% of the accounts they use for money laundering, and that rate is growing.

In any bank fraud scheme, the criminals need to move funds to clean accounts or cash them out, and that means laundering. To cover their tracks, they transfer funds, first to money mules and thence somewhere else. At RSA Conference 2021, representatives of several major US and Australian financial institutions held a panel discussion on the topic of money mules and the changing landscape, concluding that the fight against money laundering is a top priority for the financial sector.

Pandemic-related changes in mule behavior

Historically, operators of fraudulent schemes tended to use the accounts of existing bank clients for laundering purposes. The scammers gained access to them in one of three ways:

  • By seizing control over legitimate accounts of unsuspecting bank clients by means of phishing or financial malware;
  • By gaining victims’ trust through a sob story, for example about urgently needing money for medical treatment and not being able to use their own account because of an overdue payment;
  • By recruiting online.

In the latter scenario, mules were complicit and received a cut.

Nowadays, cybercriminals open up to 90% of the accounts they use for money laundering, and that rate is growing.

In the past two years, we have also witnessed many personal data leaks, some quite large. The dark web market for data sufficient to open a bank account is both vast and affordable. Therefore, using the data of an unsuspecting citizen to transfer even relatively little money may be economically justifiable.

In addition to the above, the COVID-19 pandemic has caused major damage to many companies around the world. Some have been forced to close. Various countries are trying to help with grants to both businesses and individuals. Many banks have made it easier for those in need to get emergency loans. Many have simplified provisional credit checks, leading to a spike in the number of mules.

Why you don’t want mules as clients

Some banks pay little attention to incoming cash flows, especially if the amounts of cash are not very large. Generally speaking, bank security services have tended to focus on protecting customers and identifying attempts to hijack accounts. Moreover, a professional money mule who opened an account using someone else’s documents looks like a legitimate client simply receiving money.

But even though mules do not harm banks directly, they don’t make good clients. For one thing, they don’t stay long and don’t tend to bring banks any substantial profit. That would already be reason enough not to want mules in the system. Second, associating with mules carries potential for serious reputational damage. No bank wants to be known for aiding and abetting illicit activity. Third, at some point, investigations of cybercriminal operations inevitably attract the attention of law enforcement agencies and regulators. Commissions from mule-related transfers simply do not come close to balancing the costs involved.

How to identify mules among clients

Sophisticated money-laundering schemes involve equally sophisticated tricks including the use of automation tools, proxy servers, remote administration tools, and the Tor network — all to discourage the linking of new schemes with previously identified fraud and laundering tricks. Combating such advanced operations requires specialized tools for timely cross-channel detection of money-laundering schemes.

Kaspersky Fraud Prevention provides such capabilities, analyzing the devices cybercriminals use to connect to mule accounts, as well as login patterns and many other signs, enabling you to determine whether a client is involved in an illegal scheme. For more details about the solution, see our Kaspersky Fraud Prevention page.

Author – Nikolay Pankov


a demo

We are sure there is nothing better than solving the real-world issues. Get in touch with us.

Get in touch