One of the biggest problems international bank account hackers, online fraudsters and remote ATM hijackers face is getting their hands on the proceeds of their illegal activities without being traced by law enforcement agencies. Criminals involved in ransomware scams and other dark web-enabled plots are often able to demand payment in the form of cryptocurrencies such as Bitcoin, which are virtually untraceable. Scammers who deal in hard cash or illegally transfer money from victims’ bank accounts don’t have this luxury, and are forced to come up with other ways to receive the fruits of their crooked labour.
To get around this problem, transnational organised hacking gangs involved in these types of crimes are increasingly relying on money mules to launder their ill-gotten gains. Money mules are recruited to have the proceeds of crime paid into their bank accounts. They are then instructed to either directly transfer the funds overseas, or withdraw the cash and wire it to recipients in other countries. In return for their trouble, they receive a commission on the amount of cash they launder.
In the majority of cases, those recruited to act as money mules are not your typical low-level criminals. According to Eurojust, the unemployed or those in other forms of economic distress are prime targets, along with students. Men are more likely to be recruited than women, particularly those aged between 18 and 24.
Oftentimes, those acting as mules are unaware they have become involved in the illegal transfer of stolen funds, having been convinced they have stumbled across an easy and legitimate way to make some quick cash. For those unfortunate enough to be caught, ignorance is no defence. In the EU, money mules can face jail terms of up to 14 years, depending on which country they are apprehended in. Some countries force convicted money mules to pay back the value of the funds they were found guilty of laundering.
Gangs looking for money mules use a number of methods to target potential recruits. They often place job ads on legitimate recruitment sites, advertise on social media and instant messaging apps, or reach out directly to possible candidates via email.
The job descriptions they provide are often incredibly vague and poorly written, typically riddled with poor grammar and multiple spelling errors. European and US law enforcement agencies warn potential victims should be particularly suspicious of overseas companies advertising loosely-described work that appears to pay high wages in return for very little effort, especially work-from-home opportunities that seem too good to be true.
Once recruited, mules are asked to hand over their bank account details and wait for a deposit and further instructions. In some cases, criminal gangs that use mules have been known to rip-off their remote money launderers. Three Romanian hackers extradited to the US last year for allegedly making millions of euros from a sophisticated malware scam told their American money mules they would receive a larger commission if they wired all of the cash transferred to their accounts and waited to receive their payment by cheque. Unsurprisingly, those who took up the offer were said not to have received a cent.
In 2016, Europol launched a crackdown on money mules. The campaign involved two European Money Mule Action (EMMA) weeks, which culminated in the arrest of hundreds of people suspected of helping international criminal gangs launder the proceeds of their illegal activities. During the second week of action, which took place last November, law enforcement agencies across Europe identified 580 money mules, and arrested 178 individuals.
Commenting on the operation the time, Koen Hermans, Assistant to the EU National Member for the Netherlands, said: “As money mules are an essential chain in every financial cyber crime criminal organisation, it is of the utmost importance to target these individuals… The critical success factor in this highly effective money mule action is the close cooperation between private, law enforcement and judicial actors, in order to deter offenders in Europe, and thereby reduce crime.”
Although money mules themselves are very much at the bottom of the criminal hierarchy, and in some cases are not even aware of the severity of the offences they are committing, their actions facilitate the activities of major organised crime groups involved in cyber crime and major fraud.
While law enforcement agencies have a responsibility to both prosecute offenders and raise awareness of the consequences of acting as a money mule, social media companies and job sites also have a role to play in limiting criminals’ ability to recruit the often vulnerable people who become mixed up in this form of low-level money laundering.
An investigation by the UK’s Mail on Sunday last year revealed that hackers were using Facebook to recruit naïve young people as money mules, while both Europol and the United States Computer Emergency Readiness Team have both warned that legitimate jobs boards are often used by criminals looking to recruit people who might be willing to facilitate the laundering of dirty cash. By allowing these posts and adverts to remain live on their services, recruitment websites and social media platforms are a major part of the problem, and should be doing all they can to make sure vulnerable people are protected from organised criminals who would think nothing of exploiting them for personal gain.