Light Dark
September 11, 2014 By Brooke Satti Charles 3 min read
Fraud Protection
Banking & Finance

For a more recent article on money mules, read “How Cybercriminals Use Money Mule Accounts to Profit From Online Fraud.”

A money mule is someone who receives and transfers illegally acquired money on behalf of others. Money mules may or may not receive a commission in return for their involvement. They have played an important role in fraud and money laundering for decades. Some mules are aware that they are part of an illicit scheme, while others are unaware or merely suspect it. As new technologies and trends emerge, money mules and criminal organizations exploit systems to defraud people.

Visa Waiver Program

Recent trends are showing that money mule herders, people who specialize in recruiting and organizing mule activity, are starting to utilize the U.S. government’s Visa Waiver Program (VWP) for their illicit activities.

The VWP is an international agreement between 38 countries. The U.S. State Department states that it currently allows citizens of participating countries to travel to the United States without a visa for stays of 90 days or less if they meet certain requirements. Travelers must be eligible to use the VWP and have a valid Electronic System for Travel Authorization approval prior to travel. The VWP permits travel within the United States for purposes of tourism and certain business activities.

VWP mule activity has been observed in the past 12 to 18 months. The activity, to date, involves young adults from VWP countries being recruited to travel to the United States and open deposit accounts. Upon their arrival, the mules will open multiple bank accounts at various financial institutions in their true name and then provide the bank account information to their handlers.

The scheme usually involves an electric funds transfer deposit to the mule account, but it has also been used to deposit tax refund checks obtained through tax refund fraud schemes. The mules know that they are involved in an illicit scheme, but they don’t likely view what they are doing as illegal. Furthermore, they believe — or have been told — that they are beyond the reach of U.S. law enforcement once they are back in their home country.

Mobile Money Mules

Another potential emerging trend has to do with money mules and mobile devices. There is little if any data on this trend, though it is certainly on the rise.

The concept of the mobile money mule will make its way onto the landscape of fraud and money-laundering vectors over the next few years, for which financial institutions will need to account.

It is evident that consumers desire the ability to perform banking transactions on their mobile devices. A review of data about mobile banking adoption from the Federal Reserve Board found the following:

  • Thirty-three percent of all mobile owners and 51 percent of all smartphone owners have used mobile banking in the past year.
  • Twelve percent of mobile phone owners who are not using mobile banking now think that they will in the next year.
  • Ninety-three percent use mobile banking to check balances.
  • Fifty-seven percent use mobile banking to transfer money between accounts.
  • Thirty-eight percent have deposited a check in the past year, up from 21 percent in 2013.
  • Seventeen percent have used their phone to make a payment in the past year.
  • Sixty-six percent of the mobile payments were bill payments through an online banking system.

Recent history has shown that cybercriminals proficiently adapt and exploit new technologies and trends. As consumers increasingly adopt mobile banking technology, there will naturally be a demand to do more types of transactions from their mobile device. Financial institutions will strive to provide customers with the option to do everything via mobile that they can do now at a physical branch. The customer experience and lower cost of transactions will drive that expansion.

This technology will not likely change the money mule process; however, it may make it easier for criminal syndicates. They will have the ability to establish new accounts through the mobile channel rather than having the money mules physically go into a branch. This removes the potential detection of suspicious account openings through human interaction.

The ability to open accounts and direct all other transactions through the mobile channel will increase the velocity with which criminal groups may operate. This gives them more flexibility in the way they communicate and interact with their mules.

One may speculate that increased mobile transaction offerings may eliminate the need for criminal groups and mule herders to recruit money mules. If new accounts could be opened and all other transactions could be executed via mobile, why would a money mule be needed? Accounts could be opened in fake names with fake credentials as they are today, but from the mobile platform. Electronic fund transfers could be initiated out of the financial institution to a third party from a mobile device. The less human interaction that is needed, the more flexibility is provided to the criminal.

It is challenging to anticipate the ways in which mobile banking will enable criminal groups’ ability to commit fraud and launder money through the use of money mules. What is known, based on past evidence, is that they will adapt and exploit new technologies and services.

 |  |  |  |  | 
Brooke Satti Charles
Financial Crime Prevention Strategist, IBM Security

More from Fraud Protection
October 30, 2023

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

August 23, 2023

Remote access detection in 2023: Unmasking invisible fraud

3 min read - In the ever-evolving fraud landscape, fraudsters have shifted their tactics from using third-party devices to on-device fraud. Now, users face the rising threat of fraud involving remote access tools (RATs), while banks and fraud detection vendors struggle with new challenges in detecting this invisible threat. Let’s examine the modus operandi of fraudsters, prevalence rates across different regions, classic detection methods and Trusteer’s innovative approach to RAT detection through behavioral analysis. A rising threat As Fraud detection methods become more and…

August 17, 2023

Gozi strikes again, targeting banks, cryptocurrency and more

3 min read - In the world of cybercrime, malware plays a prominent role. One such malware, Gozi, emerged in 2006 as Gozi CRM, also known as CRM or Papras. Initially offered as a crime-as-a-service (CaaS) platform called 76Service, Gozi quickly gained notoriety for its advanced capabilities. Over time, Gozi underwent a significant transformation and became associated with other malware strains, such as Ursnif (Snifula) and Vawtrak/Neverquest. Now, in a recent campaign, Gozi has set its sights on banks, financial services and cryptocurrency platforms,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature