Image: Lucas Favre
Cybercriminals are exploiting the increasing number of layoffs during the current pandemic to recruit new money mules which can later be used to help them launder money gained from illicit activities.
Some phishing messages discovered by PhishLabs researchers are trying to convince targets from Canada and the United States who might have lost their jobs due to the COVID-19 outbreak to start working from home, promising them $5,000 per month.
The potential victims are not provided with any other info regarding what the remote jobs require but are instead asked to request more info via email.
Personal assistant jobs used as a lure
Others impersonate Wells Fargo Human Resource (HR) representatives who are supposedly recruiting remote workers from across the United States to take up personal assistant positions that require running errands and doing personal chores.
“Our great company is now short of staff because of the current pandemic outbreak in the works which is very sad,” the fraudsters say. “This is a part time job if you interested let us know by your response to this message.”
If the unemployed victim will accept the crooks’ job offer they will be sent to run a series of common errands the PhishLabs report explains.
However, “[a]t some point, after the cybercriminal has ideally established trust and credibility, the victim will be given the task of moving funds that, unbeknownst to them, are stolen.”
These scammers indiscriminately prey on any jobless individuals who have lost their positions during the pandemic and are exposing the accidental money mules to very serious legal consequences that could lead to prison time and fines of hundreds of thousands of US dollars.
“Money mules may be witting or unwitting accomplices who receive ill-gotten funds from the victims and then transfer the funds as directed by the fraudsters,” according to a US Department of Justice press release.
“The fraudsters enlist and manipulate the money mules through romance scams or ‘work-at-home’ scams, though some money mules are knowing co-conspirators who launder the ill-gotten gains for profit,” by draining the funds into other accounts that are difficult to trace.
FBI: Accidental money mules are also criminals
Money mule operations used by business email compromise (BEC) and other cybercrime schemes to launder their ill-gotten money can, at times, recruit hundreds of money mules.
They are later organized in international money laundering networks that, eventually, get hunted down by law enforcement and prosecuted (1, 2, 3, 4).
Last month, the FBI also warned about cybercriminals behind money mule scheme increasingly exploiting the public fear and uncertainty surrounding the COVID-19 pandemic.
“Acting as a money mule—allowing others to use your bank account, or conducting financial transactions on behalf of others—not only jeopardizes your financial security and compromises your personally identifiable information, but is also a crime,” the FBI informed.
“Protect yourself by refusing to send or receive money on behalf of individuals and businesses for which you are not personally and professionally responsible.”