About Us | Contact Us
View Cart

Fraudulent Work-at-Home Funds Transfer Agent Schemes

By Dan Hadaway | Thursday, October 29, 2009 - Leave a Comment

The Federal Deposit Insurance Corporation (FDIC) is warning financial institutions of an increase in schemes to recruit individuals to receive and transmit unauthorized electronic funds transfers (EFTs) from deposit accounts to individuals overseas. These funds transfer agents, often referred to as “money mules,” are typically solicited on the Internet by criminals who have gained unauthorized access to the online deposit account of a business or consumer. In a typical scenario, the criminal will originate unauthorized EFTs from a victim’s account to a money mule’s deposit account. The money mule is then instructed to quickly withdraw the funds and wire them overseas after deducting a “commission” (commonly eight to ten percent).

Criminals target online deposit accounts at institutions where business customers can originate EFTs, such as automated clearing house (ACH) and wire transfers, over the Internet. Money mules, however, can be customers at any depository institution where EFTs can be received and funds withdrawn. In some cases, the money mule may be an unknowing accomplice in a fraud scheme. Because EFTs are often made immediately available by the receiving institution, funds may be removed and wire transferred overseas before the fraud is detected. Refer to SA-147-2009 for more information on fraudulent EFT schemes.

Money mule schemes can take many different forms, but most involve receiving unauthorized EFTs into a deposit account and then withdrawing the funds or forwarding them on to another party via another EFT.

The following are common scenarios:

  • Online job posting Web sites are used by criminals to locate individuals seeking employment with flexible work hours that can be performed from home. These work-at-home schemes often involve written employment contracts, job descriptions and procedures to legitimize the scam.
  • Advance fee scams promising large monetary rewards for acting as a financial intermediary can entice individuals to participate in this activity.
  • Mystery shopping jobs may be used that require the employee to assess the performance of money service businesses by completing EFTs and then evaluating the service using customer satisfaction forms.
  • Social networking sites may be used to recruit individuals to act as money mules. Criminals conjure up various imaginative stories to befriend and persuade individuals to receive and forward stolen funds.
  • Some hesitant or skeptical money mules have been intimidated, harassed and threatened by their criminal “employers” to process the funds transfers quickly and with secrecy.
  • The personal identifiable information provided by the money mule might later be used to commit identity theft or account takeover.

The following are examples of events that may indicate money mule account activity:

  • A deposit account opened with a minimal deposit soon followed by large EFT deposits.
  • Deposit customers who suddenly begin receiving and sending EFTs related to new employment, investments, business opportunities or acquaintances (especially opportunities found on the Internet).
  • A newly opened deposit account with an unusual amount of activity, such as account inquiries, or a large dollar amount or high number of incoming EFTs.
  • An account that receives incoming EFTs then shortly afterward originates outgoing wire transfers or cash withdrawals approximately eight to ten percent less than the incoming EFTs.
  • A foreign exchange student with a J-1 Visa and fraudulent passport opening a student account with a high volume of incoming/outgoing EFT activity.

Money mule activity is essentially electronic money laundering addressed by the Bank Secrecy Act and Anti-Money Laundering Regulations. Strong customer identification, customer due diligence, and high-risk account monitoring procedures are essential for detecting suspicious activity, including money mule accounts. Financial institutions can find additional guidance about customer identification, account monitoring, suspicious activity reporting, and identity theft red flags below:

FDIC Risk Management Manual of Examination Policies – Bank Secrecy Act

FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual

FFIEC Identity Theft Red Flags – Interagency Final Regulations and Guidelines

Financial institutions should act promptly when they believe fraudulent or improper activities have occurred, such as those of a money mule. Appropriate actions may include, but are not limited to, filing a Suspicious Activity Report and/or closing the deposit account in accordance with existing, board-approved account closure policies and procedures.

Cyber-fraud incidents and other fraudulent activity may be forwarded to the FDIC’s Cyber-Fraud and Financial Crimes Section, 550 17th Street, N.W., Room F-4004, Washington, D.C. 20429, or transmitted electronically to [email protected]. Questions related to federal deposit insurance or consumer issues should be submitted to the FDIC using an online Customer Service Form.


Original notice as posted by the FDIC: Special Alert: SA-185-2009


 

Latest News
    The Four Basic Truths of System Security Webinar-Video The last thirty years have seen an evolution of frameworks, laws, and assessment approaches to information security which can intimidate the management team with their complexity. This webinar will discuss the four basic truths of system security regardless of frameworks or approach, and eight control systems to […]
    Community Banking and their layers of security. . . Michael Hartke’s first post as Executive Vice President! Thinking back to my first talk to security professionals in community banking almost 10 years ago, the question continues to this day. First some background… infotex was moderating the Indiana Bankers Association Security Conference when one of the […]
    Reasons why we should be considered! infotex provides a number of services that can be checked out if you click over to offerings.infotex.com! We even made a movie with all the reasons why infotex should be your next MSOC!  
    infotex and GoTo To all infotex managed security service Clients: As recently reported by major news outlets there was a data breach affecting GoTo (formerly LogMeIn) wherein attackers stole encrypted backups containing customer information in November 2022.  Based on the advisory from GoTo the products they offer that are affected include LogMeIn Pro, LogMeIn Central, […]
    An option for increasing security for ALL organizations. . . The threat landscape is evolving daily, and it is becoming increasingly difficult for even large organizations providing cyber defense services to keep up. As Brandao (2021) notes, it is important for organizations to adapt holistic technologies that can correlate all attack events. Therefore, developing XDR […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Check out posters.infotex.com for the whole collection! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape) You are welcome to print out and distribute this around your […]
    A relic of the internet’s less secure past, many small firms struggle to secure their email systems… An article review. With a great deal of cybersecurity related news focused on new threats and similarly new techniques aimed at combating them, it can be easy to forget some of the older threats that have never gone […]
    Seven Trends . . . …that small bank Information Security Officers face in 2023 Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Welcome to the Magnificent Seven, my annual predictive article about the seven trends in technology that will impact the Information Security Officers of […]
    System Security and Cybersecurity are not the same thing. . . Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Regarding “information security,” the last thirty years have seen an evolution of frameworks, laws, and assessment approaches which intimidate the management team with their complexity.  […]
    The cryptographic algorithm is vulnerable to attack and is no longer considered secure… An article review. NIST has announced that it plans to retire the SHA-1 cryptographic algorithm by the end of 2030, citing multiple vulnerabilities in the standard, effectively ending its use after nearly 30 years.  Introduced in 1995, SHA-1 used a 160-bit hash […]