OFFICIAL SECURITY BLOG
October 28, 2013 | BY Jean Taggart
It is a sad state of affairs, but email is still a viable attack vector for the bad guys, and today I wanted to touch on the “fabulous job opportunities” that sometimes arrive in your email inbox.
We know one of the things that malicious actors try to get, when they infect computers with their malware, is credentials, more specifically banking credentials.
This raises the question: what do they do once they have these credentials?
In the past, cyber criminals tried to transfer money directly out of the victim’s bank account and into one that they controlled.
There are distinct disadvantages to this method, as it leaves a clearly visible paper trail, and financial institutions soon started to implement fraud detection flags. If the bank saw Grandma transferring her life savings to a bank in Romania, they started treating that as a red flag for fraud.
Enter the “money mule”.
A money mule is a person who is local to the compromised account, who can receive money transfers with a lesser chance of alerting the banking authorities.
These money mules retrieve the funds and transfer them to the cyber criminal.
When the victim’s financial institution investigates the fraud, they can retrace the funds only up to the money mule, who is left holding the bag and faces criminal charges, while the cyber criminal, residing in a different country, under a different jurisdiction, gets away scot-free.
This would still seem like a fair outcome if the money mule had entered into this proposition knowing what was at stake. Most often they are victims themselves, having been duped into believing that the money transfers were performed as part of a legitimate work-at-home business.
Once the muling is over, they are often victims of identity theft as well.
The money mule recruiters are a crafty bunch, and here are some of the tricks they will use:
The job pitches sometimes have typos.
While the common wisdom has been that the job application questionnaires, supporting websites, and employment contracts used by fraudsters contain typos because they are fakes and shoddily constructed, some have postulated that these errors are intentional.
The assumption is that a potential victim who cannot recognize from the typographical errors that something is amiss will make an even easier mark.
If you coincidentally happen to be seeking employment when you receive these job offers, here are some positions that should raise suspicions:
All of the “positions” have one thing in common. They require you to use your personal banking account to conduct business. This should be a huge red flag.
A legitimate employer will never ask you to use your personal bank account as part of your employment.
The job involves money transfer business (Western Union, Cash Sender, MoneyGram, etc.).
Spotting that your potential employer is fraudulent is becoming more difficult, as we are seeing turnkey money mule recruitment website templates offered on criminal forums.
We have heard of lengthy phone interviews, and legitimate looking questionnaires, all designed to reinforce the illusion that the employment offer is genuine.
Here are the key points to take away:
Unsolicited job offers arriving by email will not end well.
Offers that require you to use money transferring services will also not end well.
If it looks too good to be true, it probably is.