Jump to ↓
| What is money mule fraud? |
| A shadowland of knowing and unknowing participation |
| What financial institutions can do to prevent money mule fraud |
Today, modern financial and institutional services contend with a host of threats to digital security, including identification fraud. Although increasingly these threats stem from large-scale compromises of user data perpetrated by skilled (albeit illicit) actors, the tactics of social engineering, manipulated trust, and account holder complicity all still play a crucial role in fraud.
One form of individual-level involvement in larger illicit economies is the so-called money mule scheme — a type of fraud that uses existing account holders to move sums of money in and out of financial services firms, including banks, payment services, and cryptocurrency wallets.
What is money mule fraud?
The way money mule fraud works is simple: an illicit actor contacts a potential money mule — often through social media or other digital means — and convinces or coerces them into accepting a deposit of money into their legitimate account with the intent of dispersing the money to a number of other recipients.
Money mules are individuals who — either knowingly or unknowingly — allow their banking credentials and accounts to be used to move money, often playing a key role in these illicit schemes. In most cases, this money flowing through money mules’ accounts comes from other illegal activities, including proceeds obtained from ransomware attacks or drug or human trafficking.
A shadowland of knowing and unknowing participation
In a way, money mule fraud serves as a form of micro-laundering: illicit gains are run rapidly through small consumer accounts rather than disguised within the transactions of larger organizations. This process of hiding and laundering money has more or less replaced the use of wire transfer services for this purpose, while newer technology, such as cryptocurrency wallets, have added an additional layer of anonymity to digital money flows. However, the heart of successful money mule fraud is dispersal of illicit gains into smaller and harder-to-trace accounts, usually conventional currency ones run by ordinary people. In fact, the practice has become so common that in some places willing participants can download an app to their phone to quickly facilitate such illicit transactions.
Indeed, there is a shadowland of knowing and unknowing participation. Often money mule fraud depends on social pressure from friends, family, or online romantic interests to provide a favor for a person who says they have temporary reasons why they cannot use their own accounts. The potential mule may not realize that the funds running through their own legitimate accounts are from illicit activity.
Fraudsters also can represent themselves as legitimate businesses — for instance, posing as import-export firms — and recruit remote employees or contractors who are made responsible for what they think is basic third-party service provision for accounts payable/receivable. Willing participants in these money mule schemes often receive a commission; for example, by being told that they can keep a portion of the illicit money fraudsters eventually deposit in their account after the mule sends the rest of the money out to other recipients. Nonetheless, these money mules can be held legally liable and face charges, regardless of their full understanding of the scheme.
What can financial institutions do to prevent money mule fraud?
Banks need to be on the lookout for signs of money mule fraud, such as multiple accounts set up all at once, unusual amounts of money moved quickly in and out of an existing account, or off-hours digital transactions.
Not surprisingly, money mule schemes can also be connected with other forms of identity fraud, including account takeovers, credential theft, the use of synthetic identities, and increasingly sophisticated phishing attempts. For example, a money mule may agree to a one-time deposit and transfer only to find that their credentials have been captured in the process, leading to the opening of new credit card or money accounts in their name.
Still, banks and other financial organizations should actively encourage their customers to report suspicious solicitations about moving money through an account. Financial institutions also should be prepared to share information about digital fraud patterns they have encountered with peer organizations and government oversight agencies. Centralized information clearinghouses such as The World Economic Forum’s Partnership Against Cybercrime offer a valuable source of information on this rapidly evolving threat.
Educating customers, as well, of current trends in fraud can help to prevent fraud. Education on the topic can also help inform consumers about the increasing skill level of today’s financial fraud perpetrators. Institutions themselves may be convincingly imitated by fraudsters and can cause losses both for the institution and their customers. Financial institutions also may be able to detect money mule activity by using existing digital screening tools that screen IP addresses and device signatures for atypical transactions. The same is true of innovative techniques such as behavioral biometric screening.
Preventing account takeover and digital identity fraud is of paramount importance for financial institutions operating in today’s digital landscape and aggressively fighting against money mule fraud is one way they can stay ahead of the scammers.
For more on digital identity and fraud prevention you can listen to a recent webcast on Digital Identity: Moving from reactive to proactive fraud prevention for governments and corporations
