By Hagai Schaffer, Bottomline Technologies, Cyber Fraud & Risk Management, VP Marketing and Product Management
In the last six months alone, there have been two alerts by US agencies describing money mule schemes that have resulted in losses of billions of dollars. Last January, the FBI issued a warning about The Business E-mail Compromise (BEC), which is responsible for over $200 million in losses over the last two years. US Law Enforcement Agencies released an alert last month for a Latvian money mule network that in addition to causing losses for financial institutions are being held responsible for stealing over $2 million dollars from US citizens.
Money mules are the “last mile” to launder funds gained in illegal activity. Banks are eager to catch money mules not only to prevent money laundering, but also to uncover additional illegal activity conducted by the fraudsters. In the case of the Latvian ring, this includes check forgery, reshipping fraud, card re-encoding and re-embossing, tax refund fraud, wire fraud and online auto auction scams.
Money Mule Scenarios
Based on information from the FBI, there are three typical BEC scenarios used for money laundering; a C level executive email is hacked and a request is sent to an employee to transfer funds, an employee’s account is tampered with directly to make a fraudulent request, or a well trusted supplier places a fake request for a company to pay an invoice to a fraudster’s account. In each case the requests are carefully phrased and constructed with the expected amounts to avoid detection.
With the Latvian money mule network a foreigner typically opens a bank account within one week of entering the country using a fake driver’s license. Once the account is opened, the mule brings referrals and opens other DBA (doing business as) or LLC (limited liability company) business accounts related to vehicles or large equipment. After a wire transfer has been made, the mule appears the very next day and makes several transfers, often at different bank branches, but under the $10,000 a day limit to prevent detection from an anti-money laundering system.
Money Mule Scams
In many cases individuals are unwittingly recruited to do money laundering for fraudsters. Mules often lured with promises of high salaries working from home receive fraudulent transactions, then immediately wire them to the fraudster’s account typically in another country, minus a healthy “commission.”
Mules can be recruited in a variety of ways using fictitious online companies which appear legitimate or spam email advertisements offering employment opportunities as a ‘Private Financial Receiver’, ‘Money Transfer Agent’, ‘Shipping Manager’ and ‘Cash Flow Manager’.
Money is entered into the mule’s bank account in various ways – as cash deposits in ATMs, each lower than $10,000 to avoid being flagged by anti-money laundering controls, transfers from other accounts in the same bank, potentially with the help of an insider, or funds that are wired from other banks. Once funds are in the account, then the money mule is given instructions on how to deplete the account in ways that will not raise suspicion.
Even if the money mule is not consciously aware that a crime is being committed, there are consequences. Their bank accounts are frozen during investigations, and their reputation can be damaged.
Proactive Money Mule Detection
Better knowledge of how money mule schemes are executed has somewhat increased the likelihood of detection. Banks are doing a better job identifying and shutting down mule accounts. However, often it is too late and the damage is done. Large scale mule herders still have plenty of active mules to process transactions, so the risk is still there – and it’s growing.
The key is to be proactive by monitoring all customer activity across wire, online, mobile, ATM, teller and phone channels. Creating a holistic view of all transactions, analyzing the relationship of this data and correlating with employee activities in real time can be the best strategy for preventing money mule schemes.