The Panama Papers spurred an investigation by Trend Micro researchers that found evidence that cybercriminals, like legitimate corporations, are setting up offshore accounts, according to a company blog.
Researchers found ads for entities that would set up a fake company and a “trust” agreement that clarifies “the nominal owner is not in control” of the offshore company's assets. Takers also get a set of banking accounts in the host country and a set of credit cards that are tied to those accounts. “False monetary transactions will be carried out on these accounts to prove that the company is alive,” according to the blog. “A formal WebMoney (WM) passport which binds these cards to WM wallets will be given to the 'customer.' WebMoney is a very popular way for cybercriminals to move money around.”
But, in a statement emailed to SCMagazine.com, WebMoney said that the binding of bank cards to WM wallets service "is only available to fully identified system users in accordance with money laundering regulations" and funds can't be withdrawn "with any payment instrument without the user being fully identified."
The company explained that its "Arbitration service continuously monitors cases of direct or indirect use of the WebMoney Transfer System in the activities prohibited by the law."
If an agreement is violated "an immediate suspension is imposed on processing transactions of the users of such activities," the company said, noting that WebMoney also "has a department designated specifically for interaction with government authorities and law enforcement agencies."
Trend Micro researchers wrote that most offshoring services spotted in “German and Russian underground forums seem to use companies located in Panama, the British Virgin Islands and the Dominican Republic,” countries that they said were apparently “the most requested offshore locations in the cybercriminal community.”
Update: This story has been updated to include a statement from WebMoney Transfer.