There are now tens of millions of people suddenly unemployed, looking for ways to make ends meet.
Low-life cyber scum started exploiting the skyrocketing number of these pandemic
layoffs to recruit new money mules which can later be used to help them launder
money gained from illicit activities.
Some phishing messages discovered by PhishLabs researchers are trying to convince targets from Canada and the United States who might have lost their jobs due to the COVID-19 outbreak to start working from home, promising them 5,000 dollars per month.
The potential victims are not provided with any other info regarding what the remote jobs require but are instead asked to request more info via email.
Personal assistant jobs used as a lure
Others impersonate Wells Fargo Human Resource (HR) representatives who are supposedly recruiting remote workers from across the United States to take up personal assistant positions that require running errands and doing personal chores.
"Our great company is now short of staff because of the current pandemic outbreak in the works which is very sad," the fraudsters say. "This is a part time job if you interested let us know by your response to this message." If the unemployed victim will accept the crooks' job offer they will be sent to run a series of common errands the PhishLabs report explains.
However, "[a]t some point, after the cybercriminal has ideally established trust and credibility, the victim will be given the task of moving funds that, unbeknownst to them, are stolen."
These scammers indiscriminately prey on any unemployed individuals who have lost their jobs during the pandemic and are exposing the accidental money mules to very serious legal consequences that could lead to prison time and fines of hundreds of thousands of US dollars.
"Money mules may be witting or unwitting accomplices who receive ill-gotten funds from the victims and then transfer the funds as directed by the fraudsters," according to a US Department of Justice press release.
"The fraudsters enlist and manipulate the money mules through romance scams or 'work-at-home' scams, though some money mules are knowing co-conspirators who launder the ill-gotten gains for profit," by draining the funds into other accounts that are difficult to trace.
There are now tens of millions of people unemployed, looking for ways to make ends meet:
FBI: Accidental money mules are still criminals
Money mule operations used by business email compromise (BEC) and other cybercrime schemes to launder their ill-gotten money can, at times, recruit hundreds of money mules.
They are later organized in international money laundering networks that, eventually, get hunted down by law enforcement and prosecuted (1, 2, 3, 4).
Last month, the FBI also warned about cyber criminals behind money mule scheme increasingly exploiting the public fear and uncertainty surrounding the COVID-19 pandemic.
"Acting as a money mule—allowing others to use your bank account, or conducting financial transactions on behalf of others—not only jeopardizes your financial security and compromises your personally identifiable information, but is also a crime," the FBI informed.
"Protect yourself by refusing to send or receive money on behalf of individuals and businesses for which you are not personally and professionally responsible."
What To Do About It
I strongly recommend you send the following to your employees, friends and family, they all will know someone who suddenly got unemployed. Feel free to copy/paste/edit:
"A new job scam is doing the rounds, preying on people that want to make 5,000 dollars a month doing work from home. It sounds like a great deal, but this scam is run by criminals that will try to use their victims for money laundering. If you get an email claiming you can make this much money to make ends meet since you or a family member was laid off due to the coronavirus pandemic, use your delete key. In general, be very careful with any Internet "work from home" schemes, many of these are fraudulent. Do not give out any personal information to these criminals and warn your family members and friends."
For KnowBe4 customers, check Phishing Email Templates, we have well over 5,387 template in our platform at the moment. New-school security awareness training will make sure that people are inoculated against scams like this.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your quote for KnowBe4's security awareness training and simulated phishing platform and find out how affordable this is!
