‘Money mule’ accounts have transferred $3 billion in the first half of 2022

Accounts used for fraudulent financial transfers, known as “money mule accounts,” have been on the rise as cybercriminals use botnet and hybrid bot technology to open the accounts on a wider basis, according to BioCatch, a behavioral biometrics company.

Indeed, in the first half of this year, BioCatch estimated that there were roughly 2 million mule accounts at U.S. financial institutions, responsible for illegally transferring a total of $3 billion, according to a recently released research report by BioCatch and Aite-Novarica. Most often, online thieves keep the transaction amounts low — $1,500 for the average mule transaction — so that they can conduct their business without being spotted or reported under financial compliance rules.

Mule accounts play a critical role in the fraud supply chain infrastructure and the money laundering process, according to Ayelet Biger-Levin, vice president of market strategy at BioCatch.

“When cybercriminals manage to take over funds from victims or financial institutions, or launder illegally acquired funds through other means, they use mule accounts,” Biger-Levin said, “which act as the 'middle-means' to then transfer the money 'safely' to the cybercriminal.”

Perhaps more troubling for the long term, the research also indicated that these financial fraudsters are increasingly using automated bots and so-called “hybrid bots” to create and push out these accounts at a larger scale more quickly. (Money mule accounts are believed to make up roughly 0.3% of all U.S. financial institution accounts.) According to the report, at least 1 out of every 100 money mule accounts was created by a bot.

Traditional fully automated bots can work extremely fast in opening new accounts for cybercriminals, whereas hybrid bots typically require some amount of human intervention on the script and hence tend not to raise as many security red flags, according to the report. BioCatch started to detect hybrid bots more and more in June 2021, according to Biger-Levin.

“The criminals had tweaked the botscript, slowing it down to increase the time in between key presses to imitate human behaviors and avoid detection,” she said. As a result, BioCatch started analyzing keystroke variance and was able to pick these bots out from the crowd — a method called periodic bots.
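
As an added illustration (not code from BioCatch or the report), the example below shows how keystroke-timing variance can separate a slowed-down script from a person typing: a script that waits a near-constant time between key presses has a very low coefficient of variation even when its average speed looks human. The session data, function names, labels and thresholds are assumptions made for the example.

```python
from statistics import mean, pstdev

# Constructed key-press timestamps (milliseconds) for three account-application
# sessions. Illustrative values only, not real telemetry.
SESSIONS = {
    "person": [0, 140, 410, 520, 980, 1105, 1390, 1475, 2210, 2330],
    "fast_bot": [0, 5, 10, 15, 20, 25, 30, 35, 40, 45],
    "slowed_bot": [0, 251, 499, 750, 1002, 1250, 1499, 1751, 2000, 2250],
}

# Assumed thresholds for this example; real systems tune them on labelled data.
MIN_MEAN_INTERVAL_MS = 30   # faster than this on average is scripted input
MIN_CV = 0.25               # coefficient of variation below this is too regular
MIN_INTERVALS = 8           # do not judge very short inputs


def timing_stats(timestamps):
    """Return (mean interval, coefficient of variation), or None if too short."""
    intervals = [b - a for a, b in zip(timestamps, timestamps[1:])]
    if any(i < 0 for i in intervals):
        raise ValueError("timestamps must be non-decreasing")
    if len(intervals) < MIN_INTERVALS:
        return None
    avg = mean(intervals)
    cv = pstdev(intervals) / avg if avg > 0 else 0.0
    return avg, cv


def classify_session(timestamps):
    """Label a session from its inter-key timing alone."""
    stats = timing_stats(timestamps)
    if stats is None:
        return "insufficient_data"
    avg, cv = stats
    if avg < MIN_MEAN_INTERVAL_MS:
        return "automated_fast"       # traditional fully automated bot
    if cv < MIN_CV:
        return "automated_periodic"   # human-speed but machine-regular timing
    return "human_like"


if __name__ == "__main__":
    for name, stamps in SESSIONS.items():
        print(name, classify_session(stamps))
```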

An FBI Internet Crime Complaint Center notice issued in December 2021 noted that there has been a significant uptick and expansion in scams designed to trick average financial consumers into operating as mules. Biger-Levin pointed out that reports in the United Kingdom also showed a similar rise, and also discussed cybercrime groups “recruiting younger mules, ages 18-30.”

“The tactics have evolved mainly by using more social media avenues to recruit mules,” she added. As far as the use of bots is concerned, more deceptive mules will use multiple stolen identities “to quickly open a large number of accounts.”

Within the past two years, Biger-Levin cited specific initiatives that have driven the need for “efficiency in account creation” for cybercriminals (for example, accessing financial aid and relief funds during the pandemic, and illegitimately accessing tax refunds).

“Financial institutions were under immense pressure to distribute economic relief funds to citizens quickly,” she said. “In some cases, this meant lowering security barriers to enable disbursement.”

Hence, this unfortunately created an unprecedented opportunity for criminals to “claim money for themselves by opening deposit accounts in the names of unaware victims and submitting fraudulent claims for government benefits,” Biger-Levin said.

“Cybercriminals needed to be quick to open these accounts and cash out before the legitimate recipients did, so they quickly deployed bots as means to automate the process of account application using stolen identity information,” she added.
