Identifying Mule Accounts

When there is fraud then there is mule account; in fact it is the more important than botnets or phishing methods because what will hackers do with the banking credentials they have if they cannot use them. It is an important part in fraud and fraudsters will look for ways just to recruit and also control the mules.

Today, mule recruitment is carried out in the internet by using scam. Fraudsters will send a false email about job searches saying that the victim’s resume was reviewed and that they are suitable to work at home. Due to the fact that the economy is rough and it is an opportunity, victims will take the bait. In the next e-mail exchanges, victim will sign fake paperwork and receive instruction for his assignment. Sometimes mules will be told to accept funds from the compromised accounts, reshipping of goods that are bought using other person’s credit card or even receiving the money.

Soon the fraudsters stumbled upon a problem, when potential recruits are asking about the company website. To fix the problem, fraudsters even built their own website as the front of their activities and candidates can view the site and see the vacancies. They made it look like a legit company by listing current employees and their jobs; details about their work and others.

Online mule recruitment has changed the way fraudsters operate because they don’t need a physical presence in that country so that they can recruit potential mules. Since he is doing his recruitment online, he can further increase the number of mules to increase his profit. It has become a challenge for many law enforcement agencies and incident response teams of industries because the mules thought that they have legit jobs. Sometimes, even mules become victims as well.

Sometimes there are places where online recruitment may become a problem, thus fraudsters will still recruit mules in real world. Sometimes, these mules can be accomplices who know that they are working with fraudsters and they can open multiple banking accounts. Another type of mule is what police call as the vacation or tourist mules; mules who are flown to different country and opens accounts in certain banks for their operation.

Somehow it is difficult for banks to stop a mule in opening a banking account because mules can be like any other regular person who is trying to open a bank account. However, it is still possible to identify a potential mule and stop them before they make any wrong mistakes that they will regret. Since mules can either be accomplices who are trained liar or unwitting victims who are too willing to make money. Identifying the first one can be difficult but the second one is not.

Identifying unwitting mules can be very easy by asking simple question before they can open bank accounts. It is the same as security screening found in airports, where weird sets of questions are asked; questions that are not designed for liars but for certain individuals who were duped and place into a particular situation.

For example bank employees will ask the individual whether someone else told him or her to open a banking account in this bank; or asking if opening this particular bank account is related into a particular job offer he or she received on the internet or even in the real life. Or any other questions that would raise an alarm for the bank, but it doesn’t mean that the employee can truly assess if that person is a potential mule or not. In fact the answers will be recorded and opening the bank account will be put on hold until further results from the investigations made by the incident handling or security team is available.

Basically, banks do not need to perform additional special training for their employees, a simple information campaign regarding new procedures will do. Customer education is really not that important at all, but it won’t hurt the bank if they will try like giving away fliers or posting ads that explains the danger of mule scams would help. Instead, banking clients and the public will appreciate the information given by banks and can help deter frauds in recruiting more mules.

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications. EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. These certifications are recognized worldwide and have received endorsements from various government agencies. They also offer incident response training.