'Money Mules': The Hidden Side of PhishingBy Ryan Naraine | Posted 10-16-2006
The ads appear innocently on all the major employment listing sites, offering stay-at-home positions titled "shipping manager," "private financial receiver" or "sales representative."
These, however, are active attempts at enlisting peoplemostly in the United States, the United Kingdom and Australiato transfer illegal funds from credit card thieves operating out of the former Soviet Union, according to an investigation by VeriSign's iDefense security research outfit.
"This is the other side of phishing that most people never see or hear about. But, it's probably the most important part of the attack," said Ken Dunham, director of the Rapid Response Team at iDefense, in Dulles, Va. "Without the money mule, they really can't do anything with stolen credit card credentials," Dunham added.
For more on this topic, read Online Fraud: Hired Gun Hunts Phishers
Using hijacked PCs in well-stocked botnets, crime rings have hit pay dirt via adware installations, spam runs and phishing e-mails that attempt to trick users into entering log-in credentials on fake sites.
Once the phish is successful and the malicious attacker has access to credit card and bank log-in details, there is a desperate need for a money mule in the same country as the victim to handle money transfers or to reship items to the fraudster.
Read the full story on eWeek: 'Money Mules': The Hidden Side of Phishing