Last week we reported that the U.S. Justice and Treasury Departments filed charges against and placed sanctions on the members of “Evil Corp.,” the criminal group behind the Dridex malware. Brian Krebs offers a detailed look at how Evil Corp. operates, and particularly at their use of money mules to launder criminally obtained funds. Krebs says criminals often target people who are seeking employment and they often use fake job offers to draw people in for their phishing scheme.
Money mules are, essentially, people who transfer illicitly obtained cash. “Money mule recruiters tend to target people looking for part-time, remote employment, and the jobs usually involve little work other than receiving and forwarding bank transfers,” Krebs explains. “People who bite on these offers sometimes receive small commissions for each successful transfer, but just as often end up getting stiffed out of a promised payday, and/or receiving a visit or threatening letter from law enforcement agencies that track such crime.”
Krebs also notes that the US Justice Department and Europol this month both launched a campaign to raise awareness about how people are recruited to be money mules. People should be wary of vague or odd job offers, especially if the job involves transferring money. Europol says the most frequently targeted people are “newcomers to the country (often targeted soon after arrival) and unemployed people, students and those in economic hardship.”
Krebs points out that money mules are central to the criminal business model, because without them it would be much harder for crooks to actually use the money they’ve stolen. Spreading awareness is one of the best ways to prevent people from being roped into these schemes.
“It’s good to see more public education about the damage that money mules inflict, because without them most of these criminal schemes simply fall apart,” Krebs writes. “Aside from helping to launder funds from banking trojan victims, money mules often are instrumental in fleecing elderly people taken in by various online confidence scams.”
New-school security awareness training can educate your employees about these types of schemes so they can recognize if they themselves or someone they know is being targeted by a criminal recruiter.
KrebsOnSecurity has the story: https://krebsonsecurity.com/2019/12/inside-evil-corp-a-100m-cybercrime-menace