Buguroo has written a brief explainer to teach the general public about mule accounts. A mule account is a real bank account that a criminal uses to launder money, transferring illicit funds into the account and then out again to make the money clean and untraceable when it emerges on the other side.
In some cases, cybercriminals will create their own mule accounts using fake or stolen credentials. Those accounts are a serious problem for banks (and any victims of identity theft), but shouldn’t have as much fallout for legitimate customers who protect their personal information.
The same is not true for customers who willingly allow their bank accounts to be used as mule accounts. According to buguroo, cybercriminals will often try to recruit people for their operation, using social engineering to lure people with hashtags like #PayPalFlip, #EasyMoney, and #legitmoneyflips. Criminals typically go after young people (roughly a third of all mule accounts belonged to people under the age of 21), largely because young people are more likely to be short on cash and are easier to tempt with the promise of a quick payday.
Young people are also not quite as savvy, and may not be aware of the potential consequences of their actions. Someone who enters into a mule arrangement will allow a third party to move funds through their own personal back account, usually in exchange for a share of the profit. The mule usually won’t know where the money comes from or what it is being used for, and will regard it as a simple way to make some extra income.
However, acting as a money mule still makes them complicit in illegal activity, and they may shoulder much of the blame if the authorities are unable to track down the criminals behind the scheme. In addition to potential jail time (up to 14 years in the UK), the mule could face severe financial side effects. They may be unable to open a bank account for years following the incident, and may have difficulty getting a credit card or obtaining a mortgage in the future.
Buguroo also noted that criminals will often target elderly customers with a more stable financial history, whose activity is less likely to draw the attention of the bank.
To combat the problem, buguroo advises banks to invest in onboarding and behavioral biometrics. Better onboarding tech will allow banks to spot a fraudulent account as it is being opened, while behavioral biometrics can identify suspicious activity in an existing account.
The mule account explainer is the latest in a series of buguroo posts that highlight various cyber threats. The company has previously warned consumers about first and second party fraud, as well as a banking Trojan in Brazil and a trio of malicious apps available through Google Play.
February 28, 2020 – by Eric Weiss