Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Money Mules: How A Data Breach Turns Into Cash

    money_mule

    Cybercriminals don’t want to be caught, so after a data breach, they use unsuspecting people as “mules” to launder money using a sophisticated shipping scam.

    Once a cybercriminal gets their hands on thousands of credit cards, now what? They obviously can’t go on a shopping spree and have everything shipped to their house, right?

    Instead, they rely on a high-tech mix of services and scams to turn the stolen credit cards into stolen goods. It starts with shipping labels – a critical part of the scam. Black market services exist to print labels with carriers that are sold to cybercriminals – often by those proficient in taking over accounts with access to shipping services.

    But labels alone don’t get the job done; to remain unknown, cybercriminals need a “drop network” – which includes a group of unsuspecting individuals who act as “mules” to receive good purchased with the credit cards and ship them to their next destination.

    Criminals place job listings on trustworthy job-posting sites posing as legitimate shipping businesses. The shipping labels are used by the mules to send the goods to the next link in the drop network chain. The mules are almost always kept in the dark about the actual scheme and have no idea that they’re working for criminals.

    Eventually, the goods will be shipped to an arranged buyer or will be resold using online marketplaces like Amazon or eBay. Through the use of drop networks, criminals distance themselves from the original crime, making it difficult to identify them as the perpetrator.

    While the focus of this scam is individuals and not organizations, even those within your organization may need extra income and become a part of a cybercriminal drop network without knowing it.

    And, remember, we’re talking about one of your users developing a working relationship with a cybercriminal that has originally stolen valuable data from another company – don’t you think if they realize there is an opportunity to take advantage of one of their mules to do it again, they won’t?

    Employees need Security Awareness Training to understand how these scams work, to spot this type of activity, and to keep it from taking place within your organization.

    Find out how affordable new-school security awareness training is for your organization. Get a quote now.

     
    Get A Quote
    Request A Demo
     

     

    Return To KnowBe4 Security Blog

    Topics: Data Breach

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews