Hackers Target the Unemployed as Money Mules

Hackers dupe the unemployed into transferring stolen funds overseas

Christine Palmer thought she’d finally had a stroke of luck. After spending months unemployed and living off disability payments, in February she submitted her résumé to CS Office Services, a company that helps businesses find office space. An HR employee called to tell her she got the job, a flexible gig that paid by the assignment and required her to help process transactions. On Mar. 3, after a few weeks of online training, she woke up to find that $98,000 had been deposited in her account at Bank of America. An e-mail instructed her to withdraw $9,000, wire it to the Ukraine via Western Union, then transfer most of the rest of the funds to a Ukrainian bank account. As a fee, Palmer could keep $1,800 of the total. While she was completing the wire transfer, a man with an Eastern European accent called, identifying himself as a manager and urging her to speed things up. “He sounded very concerned, which made me think I was going to lose my job,” she says.

It wasn’t until a few days later that Palmer realized CS Office Services didn’t really exist, and that the “manager” was most likely part of a Ukrainian cybercrime syndicate. She says she only figured out the truth when Bank of America called on Mar. 7, telling her they’d halted the international transfer because the funds had been stolen. They said Palmer was responsible for paying back the $9,000 she’d already withdrawn and wired overseas.

Criminal syndicates, many of them based in Eastern Europe and Russia, have mastered what may be the world’s most lucrative cybercrime: defrauding online banking networks out of as much as $1 billion a year, according to Don Jackson, a researcher for Dell SecureWorks, which aids U.S. law enforcement in tracking the gangs. The syndicates use computer viruses to steal online banking passwords—usually from small companies, which can have fat payrolls but less security than major corporations—and then transfer large sums to accounts they control. The catch? Getting the money out of the country is difficult, since banks carefully watch international transfers.

The anemic U.S. economy provides a solution. Overseas criminals have in the last few years taken to hiring out-of-work Americans such as Palmer to serve as money mules, accepting bank transfers from victims’ accounts and then wiring the cash to the perpetrators. That’s a felony, so the foreign gangs use ruses to convince the mules that they’re working for real businesses. The most elaborate include splashy websites for dummy corporations, fake job interviews, and phantom managers—though to some extent the scheme depends on desperate job seekers willing to ignore warning signs. “You can’t blame these people, really,” says Avivah Litan, a vice-president at Gartner Research, which consults with banks on fraud. “If you’re desperate and aren’t paying your bills and this thing comes along—hey, it’s a job.”

The mules rarely face prosecution, so long as law enforcement believes they were duped, and the criminals themselves are generally beyond the reach of U.S. authorities. “It’s the modern version of Bonnie and Clyde shooting across the border and taunting the police,” says Chris Swecker, a former FBI assistant director who advises companies on cybersecurity issues.

Some mules concede that, in hindsight, they probably should have known better. In late 2009, Mary Long found a $60,000-a-year job as a logistics specialist for Advanta Transportation Network, a global mining services company based in Denmark. A representative occasionally asked her to complete projects, like working with customers who were trying to get equipment through customs, but then delayed or canceled the assignment. The representative blamed such foul-ups on the accounting department. “Whenever I’d get skeptical about something, they’d fix it, come up with some explanation,” says Long. Advanta eventually told her it would transfer money to her account allowing her to buy Apple products for shipment overseas. Only after the transfer failed to go through did Long realize the company was a fraud: “I was fooled by my desperation for work.”


    The bottom line: Overseas criminals use elaborate ruses, including phony websites, to trick job-seekers into helping transfer stolen funds.

    Before it's here, it's on the Bloomberg Terminal.