Anti-Phishing Blog


Sunday, November 01, 2009

Spam Often Offers Money Mule Positions

On October 29, 2009, the FDIC warned banks that fraudulent work-at-home scams appear to be increasing. Spam is often the foot in the door for the cybercriminal. The bank's customers receive funds but really don't know their true source. They then end up transferring these funds electronically to overseas contacts. This job has become known as being a "money mule." Banks need to be aware of their customers' transactions, watching for these warning signs in an effort to thwart criminal activity and avoid losses.

The FDIC cites these common scenarios:
  • Online job posting Web sites are used by criminals to locate individuals seeking employment with flexible work hours that can be performed from home. These work-at-home schemes often involve written employment contracts, job descriptions and procedures to legitimize the scam.
  • Advance fee scams promising large monetary rewards for acting as a financial intermediary can entice individuals to participate in this activity.
  • Mystery shopping jobs may be used that require the employee to assess the performance of money service businesses by completing EFTs and then evaluating the service using customer satisfaction forms.
  • Social networking sites may be used to recruit individuals to act as money mules. Criminals conjure up various imaginative stories to befriend and persuade individuals to receive and forward stolen funds.
  • Some hesitant or skeptical money mules have been intimidated, harassed and threatened by their criminal "employers" to process the funds transfers quickly and with secrecy.
  • The personal identifiable information provided by the money mule might later be used to commit identity theft or account takeover.


They also cite these examples of events that may indicate money mule account activity:

  • A deposit account opened with a minimal deposit soon followed by large EFT deposits.
  • Deposit customers who suddenly begin receiving and sending EFTs related to new employment, investments, business opportunities or acquaintances (especially opportunities found on the Internet).
  • A newly opened deposit account with an unusual amount of activity, such as account inquiries, or a large dollar amount or high number of incoming EFTs.
  • An account that receives incoming EFTs then shortly afterward originates outgoing wire transfers or cash withdrawals approximately eight to ten percent less than the incoming EFTs.
  • A foreign exchange student with a J-1 Visa and fraudulent passport opening a student account with a high volume of incoming/outgoing EFT activity.
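
Two of these indicators translate directly into transaction-monitoring rules. The sketch below is an added example, not FDIC or bank code: it flags an incoming EFT followed shortly by an outgoing transfer roughly eight to ten percent smaller, and a minimally funded new account that soon receives large EFTs. The time windows, dollar thresholds, transaction kinds and sample ledger are all assumptions.

```python
from collections import namedtuple
from datetime import datetime, timedelta

Txn = namedtuple("Txn", "account when kind amount")  # kind: OPEN, EFT_IN, WIRE_OUT, CASH_OUT

# Assumed tuning values: the FDIC text says only "shortly afterward",
# "approximately eight to ten percent", "minimal" and "large".
WINDOW = timedelta(days=3)
KEEP_MIN, KEEP_MAX = 0.07, 0.11
MINIMAL_OPEN, LARGE_EFT, NEW_ACCOUNT = 100.0, 5000.0, timedelta(days=30)

def pass_through_hits(txns):
    """Incoming EFT followed within WINDOW by an outgoing wire or cash
    withdrawal that is roughly 8-10% smaller (the retained cut)."""
    hits, ordered = [], sorted(txns, key=lambda t: t.when)
    for i, t_in in enumerate(ordered):
        if t_in.kind != "EFT_IN" or t_in.amount <= 0:
            continue
        for t_out in ordered[i + 1:]:
            if t_out.when - t_in.when > WINDOW:
                break
            if t_out.account == t_in.account and t_out.kind in ("WIRE_OUT", "CASH_OUT"):
                kept = (t_in.amount - t_out.amount) / t_in.amount
                if KEEP_MIN <= kept <= KEEP_MAX:
                    hits.append((t_in.account, t_in.amount, t_out.amount, round(kept, 3)))
                    break
    return hits

def new_account_hits(txns):
    """Account opened with a minimal deposit, then large EFT deposits soon after."""
    opened = {t.account: t for t in txns if t.kind == "OPEN" and t.amount <= MINIMAL_OPEN}
    return sorted({t.account for t in txns
                   if t.kind == "EFT_IN" and t.amount >= LARGE_EFT
                   and t.account in opened
                   and timedelta(0) <= t.when - opened[t.account].when <= NEW_ACCOUNT})

# Constructed sample ledger, not real account data.
SAMPLE = [
    Txn("ACCT-A", datetime(2009, 10, 1, 9, 0), "OPEN", 25.00),
    Txn("ACCT-A", datetime(2009, 10, 5, 10, 0), "EFT_IN", 9800.00),
    Txn("ACCT-A", datetime(2009, 10, 6, 9, 30), "WIRE_OUT", 8900.00),
    Txn("ACCT-B", datetime(2009, 10, 2, 8, 0), "EFT_IN", 2500.00),
    Txn("ACCT-B", datetime(2009, 10, 3, 12, 0), "CASH_OUT", 200.00),
    Txn("ACCT-C", datetime(2009, 10, 2, 8, 0), "EFT_IN", 5000.00),
    Txn("ACCT-C", datetime(2009, 10, 12, 8, 0), "WIRE_OUT", 4550.00),
]

print(pass_through_hits(SAMPLE), new_account_hits(SAMPLE))
```

ACCT-C forwards 91 percent of its deposit but ten days later, so it falls outside the assumed window; a hit is a reason for review, not proof of mule activity.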


Tuesday, September 15, 2009

A Closer Look at One Spam Message




Let's take a few moments to examine spam. You can see by the image above that Bank of America sent a warning that my account had several logon attempts. This specific message was sent to "undisclosed-recipients" and starts with "Dear member." I knew immediately it was spam as I don't bank there, but why wouldn't they address it to me if it were on my account? My bank knows who I am. That was a pretty good give-away. But let's look at the source of the message.




When this is put in the Junk Email folder in Outlook, you can see the Bank of America image was linked to a valid image, but the security symbol was linked from USAA, a competitor of Bank of America. The message is short and sweet, and the link it refers the receiver to isn't going to a bank domain at all, http://racheljohns.com/Bankofamerica.com/Online/index.html. Rachel Johns likely was a victim and part of her site was hijacked by the spammer. The link is a forgery, although racheljohns.com is accessible.
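
The same inspection can be automated. The following added example (not from the original post) parses a message body, resolves the real host of every link and image, and reports the two tells described above: a link whose host is not the bank's even though the bank's name appears in its path, and an image served from a different organization. The `audit` function, the finding labels and the image URLs are assumptions made for illustration; the link is the one quoted in the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class RefCollector(HTMLParser):
    """Collect (tag, url) for every link target and image source."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        want = {"a": "href", "img": "src"}.get(tag)
        for name, value in attrs:
            if name == want and value:
                self.refs.append((tag, value))

def on_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)

def audit(html, brand_domain):
    """Return findings for a message that claims to come from brand_domain."""
    parser = RefCollector()
    parser.feed(html)
    findings = []
    for tag, url in parser.refs:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if on_domain(host, brand_domain):
            continue
        if tag == "a" and brand_domain in parts.path.lower():
            findings.append(("brand-in-path", host))  # brand only decorates the path
        elif tag == "a":
            findings.append(("off-brand-link", host))
        else:
            findings.append(("third-party-image", host))
    return findings

# Constructed message body. The image URLs are placeholders standing in for
# the two logos the post describes; they are not taken from the real message.
SAMPLE = """
<img src="http://www.bankofamerica.com/images/logo.gif">
<img src="http://www.usaa.com/images/secure.gif">
<p>Dear member, ...</p>
<a href="http://racheljohns.com/Bankofamerica.com/Online/index.html">Sign in</a>
"""

print(audit(SAMPLE, "bankofamerica.com"))
```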

If your customer gets a message like this, they should know how and where to contact you. Your bank should have a process that not only reacts to a threat like this to stop it, but reassures your customer of your safety and that of their accounts with you.


Friday, August 28, 2009

You've Won the Lottery

Well we all know that "You've Won" emails go straight to the spam folder. But in Sydney, Australia that attitude could have cost one lucky lady $40 million. She failed to log her telephone number on her entry. She'd heard on the radio that a winner was in western Sydney. She told her husband they weren't in western Sydney and he told her they were. She also told her husband they couldn't be lucky enough to win $40 million and he asked why not? Finally she looked and saw that her numbers did win. She checked her spam folder, and there was her notice from the real lottery authorities who had been trying to contact her.

It just goes to show you, that these notices are not all spam. And hey, looky there, I just won three lotteries. Funny, I don't remember entering any of these, especially the ones in the UK.

I still believe my chances of putting a real winning notice in my spam box are higher than my chances of winning in the first place.


Tuesday, June 09, 2009

Work at Home, Make Big Money

You may have heard of the customer working from home doing payroll or some other tasks for extra money. They use an account with your bank as a part of their job. Certainly it could be a scam related to money laundering.

Some work at home offers are just scams. In this example, unwilling participants who thought they were processing payroll for an international company were actually money mules. Funds went into an account, and back out. The money was actually being laundered. It was stolen.

Alexey Mineev, of Hampton, New Hampshire, recently pleaded guilty to money laundering charges. He set up drop accounts that were used to receive and send monies that were stolen from brokerage accounts. Mineev could be sentenced to two years in prison and a $40,000 fine. His plea agreement has him returning the $112,000 he made for his part in the scheme between July and December 2007.

Mineev and his co-conspirators, Alexander Bobnev and Aleksey Volynskiy, worked as a team. They would entice users to watch an online video that required a special codec to be installed, or to install a screensaver or a security patch, which would actually be the delivery mechanism for a Trojan.

They could then monitor the users' activities, looking for passwords and other logon information for brokerage or bank accounts. Screenshots could be reviewed that also showed the balance in the user's account. Bobnev would review the accounts and Mineev and Volynskiy would move the funds through drop accounts. Once the funds left the U.S. they would be virtually impossible to recover. Western Union was often used to move the money out of the country.

Your customers need a constant reminder to keep their cyber-safeguards up. They need to protect themselves from Trojans. And still other customers need to be vigilant about who they work for and what jobs they may be doing. They could be money mules and not know it. We have read on the BOL threads where both of these customers could be at the same bank. The bank is certainly a loser in this situation.


Monday, April 27, 2009

Possible Pandemic brings out Phishers

A pandemic triggered by the swine flu is causing panic for some. Others see this as an economic boost as they try to sell fake pharmaceuticals. There are a number of these phishing and spam emails being sent. Two of the more popular have a subject line of "First US swine flu victims!" and "Madonna caught swine flu!" according to Dave Marcus, director of security research at McAfee Inc.

Marcus said that about two percent of the spam today is on the flu. Some of these are out to sell phony or adulterated medications and some sites simply want to get the credit card number of anyone who falls for the pitch.

These are probably the same people who quickly register names of storms in hopes of taking advantage of the goodwill many people have when trying to help others. So it is no surprise to see this activity. But employees and customers alike need to realize that their own doctor and health system are where they need to go for information and assistance. Buying drugs based on an email is not the wisest choice someone could make. Not only may you not be protected after taking any medications bought from an unreliable source, but it just might make you sick.


Wednesday, April 01, 2009

Internet Crime Up in 2008

The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center, and the Bureau of Justice Assistance.

The IC3 recently reported that internet crime reports were up 33 percent in 2008. They reported 275,000 complaints in 2008 as compared to 207,000 in 2007. The dollar loss from these crimes in 2008 was $265 million. That amount is up only 11 percent over the prior year. Median losses were highest for check fraud ($3,000), confidence fraud ($2,000), and Nigerian letter fraud ($1,650).

The most common complaint received deals with nondelivery of merchandise (33%). Auction fraud (26%) and debit card fraud (9%) are ranked as second and third.

Men tend to lose more on internet scams than women. Men lose $1.69 for each dollar a woman loses. Men also place 55% of the complaints.

FBI Cyber Division Assistant Director Shawn Henry said, "This report illustrates that sophisticated computer fraud schemes continue to flourish as financial data migrates to the Internet. It also underscores the need for continued vigilance on the part of law enforcement, businesses, and the home computer user to be aware of these schemes and employ sound security procedures."


Friday, March 27, 2009

Scammers scam because scamming makes money

Bankers need to be diligent in reminding customers to protect their computers. When surfing the web, they must do so with security in mind. Part of that security means knowing about their computers, and not falling for scams that try to manipulate them with fear.

One such scam uses a pop-up window that tells them their computer is infected with a virus. Coincidentally, this pop-up also has a link to a program that will solve the problem. Ultimately the scammer wants your customer's credit card information. They think they are buying a useful, downloadable program. That isn't the scammer's motivation though.

Recently Finjan's Malicious Code Research Center discovered an "affiliate network" that gets paid for referrals such as those made via these pop-ups. They hack legitimate websites so that this pop-up will appear. The legitimate website is not aware at that time that it is being used.

The hacker is paid $.096 per referral, less than a dime. In their investigation though, Finjan found that in a 16-day period, 1.8 million referrals were made. The fees paid on 7,900 referrals would be $10,800 per day. Between 7 and 12 percent of the victims do install a useless or harmful program. They pay $50 for that. These fees can generate $172,000 in daily income. In addition, the consumer's credit card is now compromised.

Criminals employ these scams because they work. Based on the above, they could make $2 million a year. The cost your customer pays can be much greater than $50 though, and you have a cost as well. Your bank will have to pay that customer back all or part of their loss.

We urge you to educate your customers so they don’t fall for these scams.