'Money Mules': The Hidden Side of Phishing

By Ryan Naraine  |  Posted 10-16-2006
The dramatic rise in phishing and identity theft attacks includes a well-organized offline component—the not-so-innocent "money mule" recruited by fraudsters to launder stolen money across the globe.

The ads appear innocently on all the major employment listing sites, offering stay-at-home positions titled "shipping manager," "private financial receiver" or "sales representative."

These, however, are active attempts at enlisting people—mostly in the United States, the United Kingdom and Australia—to transfer illegal funds from credit card thieves operating out of the former Soviet Union, according to an investigation by VeriSign's iDefense security research outfit.

"This is the other side of phishing that most people never see or hear about. But, it's probably the most important part of the attack," said Ken Dunham, director of the Rapid Response Team at iDefense, in Dulles, Va. "Without the money mule, they really can't do anything with stolen credit card credentials," Dunham added.

For more on this topic, read Online Fraud: Hired Gun Hunts Phishers

Using hijacked PCs in well-stocked botnets, crime rings have hit pay dirt via adware installations, spam runs and phishing e-mails that attempt to trick users into entering log-in credentials on fake sites.

Once the phish is successful and the malicious attacker has access to credit card and bank log-in details, there is a desperate need for a money mule in the same country as the victim to handle money transfers or to reship items to the fraudster.

Read the full story on eWeek: 'Money Mules': The Hidden Side of Phishing