Comments on: Money Mules: laundering out the phish smell http://www.phishtank.com/blog/2006/11/10/money-mules-laundering-out-the-phish-smell/ A blog about and from PhishTank, a collaborative clearinghouse for data about phishing. Thu, 21 Aug 2008 06:40:38 +0000 http://wordpress.org/?v=2.0.4 by: mulehunter http://www.phishtank.com/blog/2006/11/10/money-mules-laundering-out-the-phish-smell/#comment-239 Thu, 16 Nov 2006 15:53:35 +0000 http://www.phishtank.com/blog/2006/11/10/money-mules-laundering-out-the-phish-smell/#comment-239 I thought it might be worth providing a bit of extra background on the mule issue, as this is an issue familiar to the UK banking community for which I work. Mule recruitment is the other side of the phishing equation. Phishing is one process by which fraudsters get hold of bank account login credentials (malware being another). However, once the fraudsters have loggged into a victim's account, they need a way of getting away with the money, and this is not as straightforward as it sounds. Methods of achieving this vary around the world, depending upon the way banking systems are set up in various countries. In the UK the "money mule" is a common method - an individual duped into thinking they are working for a legitimate company by agreeing to use their bank account to move money around. In our experience the mule's account is not generally raided by the fraudsters, but they obviously do need to know enough about the mule's account to be able to move money into it. For takedown purposes, mule web sites pose some challenges when compared with phishing sites. The most obvious of these is that, wheras with a phishing site there is a clear abuse of a known bank's trademarks and other intellectual property, most mule sites are completely made up and could conceivably be for a real company which can make it difficult to convince a host to take down the site. In addition, some mule recruitment emails contain links to the sites of genuine companies (the recruiters want you to respond to them via an email which appears elsewhere on the email). These and other factors can make it a challenge from a liability and process view to deal with mule sites, which is undoubtedly the goal of the fraudsters. Having said that, we would be very interested in supporting ways of automating the detection and removal of mule recruitment sites and email addresses. Some further background and examples are available on our site: www.banksafeonline.org.uk I thought it might be worth providing a bit of extra background on the mule issue, as this is an issue familiar to the UK banking community for which I work. Mule recruitment is the other side of the phishing equation. Phishing is one process by which fraudsters get hold of bank account login credentials (malware being another). However, once the fraudsters have loggged into a victim’s account, they need a way of getting away with the money, and this is not as straightforward as it sounds. Methods of achieving this vary around the world, depending upon the way banking systems are set up in various countries. In the UK the “money mule” is a common method - an individual duped into thinking they are working for a legitimate company by agreeing to use their bank account to move money around. In our experience the mule’s account is not generally raided by the fraudsters, but they obviously do need to know enough about the mule’s account to be able to move money into it.

For takedown purposes, mule web sites pose some challenges when compared with phishing sites. The most obvious of these is that, wheras with a phishing site there is a clear abuse of a known bank’s trademarks and other intellectual property, most mule sites are completely made up and could conceivably be for a real company which can make it difficult to convince a host to take down the site. In addition, some mule recruitment emails contain links to the sites of genuine companies (the recruiters want you to respond to them via an email which appears elsewhere on the email). These and other factors can make it a challenge from a liability and process view to deal with mule sites, which is undoubtedly the goal of the fraudsters.

Having said that, we would be very interested in supporting ways of automating the detection and removal of mule recruitment sites and email addresses.

Some further background and examples are available on our site: www.banksafeonline.org.uk

]]> by: PW http://www.phishtank.com/blog/2006/11/10/money-mules-laundering-out-the-phish-smell/#comment-220 Tue, 14 Nov 2006 22:50:59 +0000 http://www.phishtank.com/blog/2006/11/10/money-mules-laundering-out-the-phish-smell/#comment-220 A newbie here, so I may be missing the obvious and I see that there's a mule scam awaiting verification in the list - I'm certainly confused. A mule scam is certainly criminal activity that ends up stinging the victim. They generally try to pose as respectable businesses, often using names that are similar to established companies. They use spam email with links to deceptive websites. Warning against these would provide a valuable service. I know they probably occupy a grey area between a 'true' phish and a other scams but aren't we splitting hairs a bit if we say that this isn't a type of phishing? A newbie here, so I may be missing the obvious and I see that there’s a mule scam awaiting verification in the list - I’m certainly confused.

A mule scam is certainly criminal activity that ends up stinging the victim.
They generally try to pose as respectable businesses, often using names that are similar to established companies.
They use spam email with links to deceptive websites.
Warning against these would provide a valuable service.

I know they probably occupy a grey area between a ‘true’ phish and a other scams but aren’t we splitting hairs a bit if we say that this isn’t a type of phishing?

]]> by: MASA http://www.phishtank.com/blog/2006/11/10/money-mules-laundering-out-the-phish-smell/#comment-216 Tue, 14 Nov 2006 01:40:21 +0000 http://www.phishtank.com/blog/2006/11/10/money-mules-laundering-out-the-phish-smell/#comment-216 From the blog post it seems like that a money mule is a phish technique From the blog post it seems like that a money mule is a phish technique

]]> by: astrogeek http://www.phishtank.com/blog/2006/11/10/money-mules-laundering-out-the-phish-smell/#comment-215 Mon, 13 Nov 2006 19:03:56 +0000 http://www.phishtank.com/blog/2006/11/10/money-mules-laundering-out-the-phish-smell/#comment-215 Wouldn't a site like this eventually ask for your banking information, much like a straightforward phish we all know and love? It sounds like a variation of the Nigerian scams. Wouldn’t a site like this eventually ask for your banking information, much like a straightforward phish we all know and love? It sounds like a variation of the Nigerian scams.

]]>