Blogger Highlights Role of “Money Mules”

Want to make thousands each month working from home? 

Great, here’s what you have to do. First, you give this company your bank account number. Then they’ll deposit some cash. Then you have to withdraw it, and wire it to Ukraine via Western Union. Sound good?

Not so fast. If this situation is anything like that described in a recent blog item from Washington Post computer security blogger Brian Krebs, it could be putting you in the position of a “money mule,” an important but low-level intermediary in certain cyber-criminal activities.

As Krebs explains, money mules are individuals employed to move money on behalf of fraud rings overseas. Sometimes, the mule knows the true purpose of the employ; sometimes he (or she) does not. In a recent attack on the Maine-based heating and hardware firm Downeast Energy & Building Supply, hackers stole a total of more than $200,000 from a compromised online bank account by transferring money from it to at least 20 U.S.-based individuals. The mother of one of the so-called mules tells the blogger her son had been recruited by a Rochester, NY-based brokerage firm whose Web site, it turns out, happens to be registered in China (its corporate Web site’s domain name, likewise, ends with a Chinese country code).

In a posting just a few days earlier, Krebs relayed an account of hackers who infiltrated computers at the Sanford School District in Colorado, and initiated transfers to at least 17 accomplices. As with the Downeast, the transfers were kept below $10,000 each to avoid being flagged under bank security protocols. Also similar was the recruitment of the accomplices through “work-at-home” promises.

If you want to read more about how such recruitment has taken place in the past, turn to yet another great Krebs piece, this one appearing in The Washington Post in January 2008. Here, the reporter explains how a recently laid-off single mother was recruited to work for what she thought was an Australia-based marketing company that had spotted her resume on an online job site but actually turned out to be a scam operation that tied her PayPal account to a fraudulent eBay auction. The FBI’s Internet Crime Complaint Center warned about work-at-home scams in February, having received numerous complaints about the problem.

Hopefully, greater awareness will lead to less people falling for such schemes. Unfortunately, tough economic times likely mean all the more people will remain vulnerable.