PhishTank is operated by OpenDNS, a free service that makes your Internet safer, faster, and smarter. Get started today!

Money Mules: laundering out the phish smell

posted by John Roberts on November 10th, 2006 in PhishTank, Members, Voting, Safety, Verifying phishes, Mules

The following post was written by PhishTank member funchords, a very active member of the community, and currently the top submitter to PhishTank.


Submission 22779 is such a professional-looking employment ad, one might even wonder why it was submitted as a suspected phish site. Most likely, redpriest realized that the ad was looking for a Money Mule — a person who launders phishy money through their personal accounts and moves it overseas.

It’s both illegal and risky — and most Money Mules end up getting burned as soon as the phish-site victims realize that their credit cards or identities have been compromised. In addition to possible trouble with the police, the Money Mule gets to pay back the banks and institutions that were involved in the fraud. Money Mules take all the heat while the real crooks disappear into anonymity.

So why was Submission 22779 marked “Verified: Is NOT a phish”? Because, even though it probably is related to phishing, it really is not a phish. It isn’t masquerading as an institution one already trusts in order to obtain financial information.

While PhishTank endeavors to quickly and accurately identify phish, our friends at CastleCops.com specialize in working with government and internet concerns to shut these criminals down. CastleCops has an e-mail address to report suspected Money Mule advertisements: mules@castlecops.com.

Got a phish? As always, throw it in the PhishTank. But if the crooks are “fishing” for a Money Mule, then report it to mules@castlecops.com.

4 Responses

  1. astrogeek

    Wouldn’t a site like this eventually ask for your banking information, much like a straightforward phish we all know and love? It sounds like a variation of the Nigerian scams.

  2. MASA

    From the blog post it seems like a money mule is a phish technique.

  3. PW

    A newbie here, so I may be missing the obvious and I see that there’s a mule scam awaiting verification in the list - I’m certainly confused.

    A mule scam is certainly criminal activity that ends up stinging the victim.
    They generally try to pose as respectable businesses, often using names that are similar to established companies.
    They use spam email with links to deceptive websites.
    Warning against these would provide a valuable service.

    I know they probably occupy a grey area between a ‘true’ phish and other scams but aren’t we splitting hairs a bit if we say that this isn’t a type of phishing?

  4. mulehunter

    I thought it might be worth providing a bit of extra background on the mule issue, as this is an issue familiar to the UK banking community for which I work. Mule recruitment is the other side of the phishing equation. Phishing is one process by which fraudsters get hold of bank account login credentials (malware being another). However, once the fraudsters have logged into a victim’s account, they need a way of getting away with the money, and this is not as straightforward as it sounds. Methods of achieving this vary around the world, depending upon the way banking systems are set up in various countries. In the UK the “money mule” is a common method - an individual duped into thinking they are working for a legitimate company by agreeing to use their bank account to move money around. In our experience the mule’s account is not generally raided by the fraudsters, but they obviously do need to know enough about the mule’s account to be able to move money into it.

    For takedown purposes, mule web sites pose some challenges when compared with phishing sites. The most obvious of these is that, whereas with a phishing site there is a clear abuse of a known bank’s trademarks and other intellectual property, most mule sites are completely made up and could conceivably be for a real company, which can make it difficult to convince a host to take down the site. In addition, some mule recruitment emails contain links to the sites of genuine companies (the recruiters want you to respond to them via an email which appears elsewhere on the email). These and other factors can make it a challenge from a liability and process view to deal with mule sites, which is undoubtedly the goal of the fraudsters.

    Having said that, we would be very interested in supporting ways of automating the detection and removal of mule recruitment sites and email addresses.

    Some further background and examples are available on our site: www.banksafeonline.org.uk
