Cybercriminals don’t want to be caught, so after a data breach, they use unsuspecting people as “mules” to launder money using a sophisticated shipping scam.
Once a cybercriminal gets their hands on thousands of credit cards, now what? They obviously can’t go on a shopping spree and have everything shipped to their house, right?
Instead, they rely on a high-tech mix of services and scams to turn the stolen credit cards into stolen goods. It starts with shipping labels – a critical part of the scam. Black market services exist to print labels with carriers that are sold to cybercriminals – often by those proficient in taking over accounts with access to shipping services.
But labels alone don’t get the job done; to remain unknown, cybercriminals need a “drop network” – which includes a group of unsuspecting individuals who act as “mules” to receive good purchased with the credit cards and ship them to their next destination.
Criminals place job listings on trustworthy job-posting sites posing as legitimate shipping businesses. The shipping labels are used by the mules to send the goods to the next link in the drop network chain. The mules are almost always kept in the dark about the actual scheme and have no idea that they’re working for criminals.
Eventually, the goods will be shipped to an arranged buyer or will be resold using online marketplaces like Amazon or eBay. Through the use of drop networks, criminals distance themselves from the original crime, making it difficult to identify them as the perpetrator.
While the focus of this scam is individuals and not organizations, even those within your organization may need extra income and become a part of a cybercriminal drop network without knowing it.
And, remember, we’re talking about one of your users developing a working relationship with a cybercriminal that has originally stolen valuable data from another company – don’t you think if they realize there is an opportunity to take advantage of one of their mules to do it again, they won’t?
Employees need Security Awareness Training to understand how these scams work, to spot this type of activity, and to keep it from taking place within your organization.