Money mules recruited through spoofed pages
McAfee Avert Labs researcher Francois Paget said Thursday that he was searching for information about financial fraud and phishing when he came across a page that appeared to be registered to an Apple reseller in Great Britain.
Under a realistic image of an electronics store, Paget found job information recruiting money mules. The IP address was tracked to Turkish provider TurkTeleKom and U.S.-based ISP Liquidweb.
Although the websites displayed phone numbers, experts said they are likely not used as part of the mule-recruitment process because law enforcement officials could easily trace them.
“As it is difficult to make cross-border transfers, money mules, or money transfer agents, are required to launder the funds obtained as a result of phishing and trojan scams,” said Paget. “After being recruited, they receive funds into their accounts and they then withdraw the money and send it overseas using a wire-transfer service, minus a percentage commission payment.”
Dave Marcus, security research and communications manager at McAfee Avert Labs, told SCMagazineUS.com today that recruitment ads such as these are becoming more common.
“One of the big questions we're asked is how [cybercriminals] turn this money into actual money, or what way would you make money from malware?” he said. “The prevalence [of recruitment sites] jumped out at me. We're seeing it more and more often, and [it's alarming] how the recruiters make their sites look more and more realistic, like its an actual Apple reseller site. They're near-perfect imitations of real sites.”
Such improvements mirror the evolution of spam and phishing emails in recent years, Marcus said.
“When we say that spam and phishing evolved, it evolved from things that had grammatical errors to something that looked just like the real thing,” he said.