Are you a money mule? Found this sort of interesting today.
ZeuS Malware Used to Lure Victims to Money Mule Recruitment Website
It’s well known that it’s not enough for cybercriminals to get a hold of personal and financial information to make a profit. They somehow have to monetize their proceeds, and the safest way for them to do that is by recruiting money mules.
Money mules are willing or unwitting individuals who withdraw the money, keep a percentage for themselves and wire the rest to the crooks.
Cybercriminals often use legitimate job websites to advertise so-called “financial manager” positions. However, over the past period, employment websites have deployed mechanisms to allow users to easily report suspicious ads.
That’s why cybercriminals have started relying on the notorious ZeuS malware to lure potential money mules to their own recruitment website.
A new ZeuS variant spotted by researchers from Trusteer is designed not only to steal information, but also to utilize Man-in-the-Browser (MitB) techniques to present the owners of infected computers with an ad for a mule recruitment website every time they try to access CareerBuilder.com.
The site that users are lured to, marketandtarget [dot] com, is currently down. When it was online, it presented visitors with various poorly designed ads for “hot jobs,” including a job as a “mystery shopper,” which is often used as bait to recruit money mules.
“By using CareerBuilder as a platform, the Zeus operators maximize their outreach to potential mule targets. While HTML injection is typically used for adding data fields or to present bogus messages, in this case we witnessed a rare usage that attempts to divert the victim to a fake job offering,” Trusteer’s Etay Maor wrote in a blog post.
“Because this redirection occurs when the victim is actively pursuing a job, in this case with CareerBuilder [dot] com, the victim is more likely to believe the redirection is to a legitimate job opportunity.”
This is from about the halfway point of this article: Beware of email job offers from Money Mule recruiters | Wiz's Computer and Website Security Blog
Fake employment offers, on the other hand, are meant to get YOU to participate in stealing other people's money, as the middle-man who receives, then remits stolen funds to cybercriminals pretending to be employers. The people who enter into these schemes are known as Money Mules.
Read on to find out how this scam works and what the consequences could be for those who get involved.
What is a Money Mule?
A Money Mule is a person who either knowingly or unknowingly becomes involved in a criminal money laundering scheme. The Money Mules I am going to describe are unknowingly recruited into transferring stolen funds, thinking it is part of a legitimate job with a multinational company. This job came to them via an unsolicited email, offering employment, possibly with a subject similar to this one that is currently making the rounds.
Subject: Environmental organization is expanding and currently recruiting worldwide reps
These Trojans will scan the infected computer for links to certain financial institutions, or PayPal, etc. When the user goes to log into their online bank, the malware will either intercept the user name, password and challenge question, or present a fake replacement login page, then send these credentials back home to a server controlled by the criminals running that particular Trojan campaign. Some time later, money will be transferred out of the victim's bank account, usually in amounts that "fly below the Radar" of most bank fraud detection monitors. This is usually just under $5000 or $10,000, depending on how much money is in that account. If a company business account is attacked, hundreds of thousands of dollars might be transferred before alarms go off.
Bank account cybercriminals will do everything in their power to avoid being identified, while still getting a hold of the stolen money. So, they spam out fake job offers to rope in as many Money Mules as they need to launder these stolen funds as quickly as possible. If the average amount that can be transferred to a typical private bank account is $9,999, this amount will be sent to each recent recruit, by direct deposit. Read that again! The money stolen by a banking Trojan is sent directly to the bank account of a recently hired job seeker, who is acting as a Money Mule.
The Mules are put under contract to report all money received as soon as possible, then to await instructions. They may be told that a direct deposit of say $7500 is going to be made at 8 AM the next morning, their time. They are then told to check their bank account, online, until the money is deposited. They will then receive instructions to issue a wire transfer in that amount to another bank, using routing and account numbers.
Stolen money may be transferred several times, between various Mules, some of whom are in foreign countries. The payout to the criminals behind this job scam is often accomplished by having local Mules take out cash (direct at bank or via ATM card), and converting it into prepaid money cards, or wired by Western Union to recipients who cannot be traced. Many, if not most of these cybercriminals live in the former Soviet Union.
How Money Mules (don't) get paid
Payment for their (money laundering) services is usually promised to be at the completion of each job, or at the end of two weeks, or the calendar month. What most Mules don't know in advance, but soon find out, is that their commission payment is usually never issued. Exceptions might happen when the controller tells the Mule to keep a very small commission before sending out the bulk of the money. Very few Money Mules are retained for a second job. They are "cut loose" and all communication with the so-called company that hired them is terminated. Emails bounce and any phone numbers used to communicate with the Mules are disconnected.
Some time after this, the victim discovers that their bank account has been emptied, or seriously reduced, through fraud. They report it to their bank, who launch a follow-the-money investigation. Since the pilfered funds went by direct deposit to somebody in the same country, the bank will contact your bank to demand full repayment of illegally transferred funds. Your bank will attempt to comply and take that amount out of your accounts, to satisfy the return order. If your account lacks sufficient funds, the Police will be called, along with your State, or County Attorney General. You will be interviewed and possibly arrested for participating in a money laundering scheme.
Not only will the mules be out the money they transferred, they will also have to pay for a good attorney to defend them in Federal Court. Bank account theft across State lines is a Federal offense. Some of the consequences are listed below (see this document).
Inaccessible bank accounts - During an investigation, law enforcement officials may freeze a money mule's bank accounts. Being unable to access funds may create a significant financial burden. These activities may also have a long-term impact on credit scores.
Prosecution - Money mules may be prosecuted for their participation in these schemes. Severe penalties may be meted out to those convicted of money laundering.
Accountability for charges - In some cases, money mules are found personally responsible for repaying the losses suffered by the other victims.
Vulnerability of personal information - As described in the typical process, criminals often collect personal information from the money mules. It is possible that the criminals may use this information for other malicious purposes, including extortion.
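From the defender's side, the pass-through pattern described in the second article (a direct deposit, often just under $5,000 or $10,000, followed shortly by a wire of nearly the same amount) can be screened for in account activity. The sketch below is an added example, not code from either quoted article; the ledger format, the 24-hour window, the 5% "just under" margin and the 85% forwarding ratio are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample ledger for one account: (timestamp, direction, amount, channel).
LEDGER = [
    ("2024-03-01T09:00", "in", 2150.00, "payroll"),
    ("2024-03-04T08:02", "in", 7500.00, "direct-deposit"),
    ("2024-03-04T10:40", "out", 7500.00, "wire"),
    ("2024-03-09T08:05", "in", 9999.00, "direct-deposit"),
    ("2024-03-09T13:15", "out", 9200.00, "wire"),  # small commission kept back
    ("2024-03-15T12:00", "out", 1200.00, "wire"),  # no matching deposit
]

THRESHOLDS = (5000, 10000)    # round limits named in the article
MARGIN = 0.05                 # assumed: "just under" = within 5% below a limit
WINDOW = timedelta(hours=24)  # assumed: deposit must be forwarded within a day
MIN_FORWARD = 0.85            # assumed: at least 85% of the deposit is wired on


def just_under(amount):
    """True if the amount sits in the band immediately below a round limit."""
    return any(t * (1 - MARGIN) <= amount < t for t in THRESHOLDS)


def find_pass_through(ledger):
    """Pair each deposit with a later wire that forwards most of it."""
    rows = sorted((datetime.fromisoformat(ts), d, amt, ch)
                  for ts, d, amt, ch in ledger)
    alerts, used = [], set()
    for i, (t_in, d_in, a_in, _) in enumerate(rows):
        if d_in != "in":
            continue
        for j in range(i + 1, len(rows)):
            t_out, d_out, a_out, ch_out = rows[j]
            if t_out - t_in > WINDOW:
                break  # rows are time-ordered, nothing later can match
            if d_out != "out" or ch_out != "wire" or j in used:
                continue
            if MIN_FORWARD * a_in <= a_out <= a_in:
                used.add(j)  # each wire explains at most one deposit
                alerts.append({
                    "deposit": a_in,
                    "wire": a_out,
                    "minutes": int((t_out - t_in).total_seconds() // 60),
                    "near_threshold": just_under(a_in),
                })
                break
    return alerts
```

Either signal alone is weak; a deposit that is both near a round limit and forwarded within hours is the combination worth a manual review.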