Warning! Don’t be a money mule

Don't be a money mule for cyber criminals!

I like reading my spam. Sounds strange? Perhaps it is, but from the perspective of an eCrime investigator, there’s often something interesting inside a spam folder

One day I was going through the spam folder of my inbox and came across an interesting job offer. A company was looking for people who could speak English, had an e-mail box and a PC, could work unsupervised, and had no criminal record.

An ‘unmissable opportunity’

Cool, I fulfilled all the criteria! It seemed like the perfect opportunity for a career change so I sent in my reply: “Oh yes, what do I need to do?”

In no time at all, I received an answer: “We are glad to inform you that you have been chosen for this position. Welcome.” The reply also explained that my new job was a “payment processing manager”. All I needed to do was to receive money in my bank account and transfer it to another account. Very tempting offer… but I decided to stay in my current career.

A criminal scam

Why? Because the job offer was a criminal scam. Criminals dupe victims with such offers into helping them launder money. They were trying to recruit “money transfer agents” – also known as money mules. Typically, these money transfer agents or financial operators are promised a 5-10% commission for “processing payments” or “transferring funds” through their personal bank accounts.

The mules are asked to set up a new bank account in a local bank and send over the account number. After this, the money starts to flow in. It may be money the criminals are making from online banking scams, stolen credit card numbers, auction fraud or other illegal activities. The mules are instructed to withdraw it in cash and send it further by using money transfer services like Webmoney, E-Gold, Fethard or Western Union. These transfer services can be used for good or bad motives, but the key thing is that they are irreversible and anonymous, making it much harder for investigators to follow where the money goes and catch the criminals.

Finding money mules

There are many ways in which criminals use the Internet to recruit money mules. Most common are spam messages and unsolicited e-mails, as well as job adverts placed on real recruitment sites. Sometimes criminals create (or clone) professional web sites that look perfectly legitimate to the untrained eye or steal the whole template for a web site from a reputable company. On rarer occasions a reputable web site is ripped off or hacked by criminals and used to host the mule site. In all these cases the criminals aim to convince the job seekers that the employment opportunity is made by a genuine, legal company.

The promise of easy money for a few hours of simple work has lured many people to sign up as money mules. But when the police and banks uncover these cases, the trail always leads only as far as the money mule, not the real criminals. It is the money mule at the bottom of the crime chain who is the first to get caught.

The consequences

The consequences can be serious. People suspected of receiving and forwarding stolen money may have their bank accounts frozen while they are being investigated. Becoming a money mule can also ruin a person’s credit history and lead to criminal charges.

In one particular attack against a large European online bank system, the real attackers were never found. They infected tens of thousands of home computers with a banking trojan. The trojan modified online transactions on-the-fly while people were doing their normal banking. The trojan wired money from the victims’ accounts to hundreds of accounts that were set up for this purpose.

The accounts had been created by local money mules, and as the accounts were in the same bank that was being attacked, the money was moved without any interbank delays. In this case the money mules were informed with text messages that the money had arrived and they were supposed to wire it to Central Europe via Western Union. The real criminals were never found, but over 200 local money mules were charged in court. Some of the money mules turned out to be grandmothers who were trying to make some extra money with “an easy part-time job”.

So in the end I’m glad I decided to stick with my current job. On the Internet if something looks too good to be true, it often is.

To learn more about staying safe online, check out iiNet’s Online Safety Series.

Photo credit


  1. Luke says:

    Me too, you get a good laugh at the spam, people try so hard and sometimes everything looks so legit, I also use them as a great tool the show my kids that play url webgames like Kizi, GirlsGames, Cartoon Network, Disney and more to recognise spam banners and no your not a winner.
    All of them, even my 3y/o who comments ‘Dad, its that silly shoot an Ipod game again, wish they get a life’ ‘Or i’d like to punch her in the face but that will open more windows’

    I’ve taught all 5 of my kids well and I don’t need to worry about much of their activity, a lot of it is on lock down, they have their own log in and using my epic skillz keep them safe, but you can never escape banners or advertising in flash games, youtube vids etc.

    All on IInet too with filtering from BoB 2.

    Love your work,
    H8 troll Facebook flamers
    IIvet 7 years strong.


  2. Anon says:

    Well done.

    I normally send those scam emails to:

    I will add that I’ve been to a job interview where I was asked to go to Nigeria! An upgrade on the well-known Nigerian scam.

Leave a Reply

Your email address will not be published.