Cybersecurity

Hackers Target the Unemployed as Money Mules

Hackers dupe the unemployed into transferring stolen funds overseas

Provide news feedback or report an error

Confidential tip?

Send a tip to our reporters

Site feedback:

Take our Survey

By Greg Farrell and Michael Riley

August 4, 2011 at 11:56 PM UTC

This article is for subscribers only.

BusinessWeek Cover Image (11_33, 800x1100)

This article is part of the August 8, 2011 issue of businessweek.

Christine Palmer thought she’d finally had a stroke of luck. After spending months unemployed and living off disability payments, in February she submitted her résumé to CS Office Services, a company that helps businesses find office space. An HR employee called to tell her she got the job, a flexible gig that paid by the assignment and required her to help process transactions. On Mar. 3, after a few weeks of online training, she woke up to find that $98,000 had been deposited in her account at Bank of America. An e-mail instructed her to withdraw $9,000, wire it to the Ukraine via Western Union, then transfer most of the rest of the funds to a Ukrainian bank account. As a fee, Palmer could keep $1,800 of the total. While she was completing the wire transfer, a man with an Eastern European accent called, identifying himself as a manager and urging her to speed things up. “He sounded very concerned, which made me think I was going to lose my job,” she says.

It wasn’t until a few days later that Palmer realized CS Office Services didn’t really exist, and that the “manager” was most likely part of a Ukrainian cybercrime syndicate. She says she only figured out the truth when Bank of America called on Mar. 7, telling her they’d halted the international transfer because the funds had been stolen. They said Palmer was responsible for paying back the $9,000 she’d already withdrawn and wired overseas.