Money Mules: The Critical Cash Out Service in the Fraud Supply Chain

by Heidi Bleau

Apr 18, 2016

While we might associate a mule with the stubborn, four-legged animal, in the world of cybercrime, it has a much different connotation. Mules can come in the forms of both accounts or people and are critical parts of the fraud supply chain. You can have mule accounts which are used to move stolen funds, or reshipping mules which are people who accept packages bought with stolen credit cards and then "reship" them to fraudsters in other countries where they are sold on the black market.

Mules are a common fraud-as-a-service offering in the dark web, but critical in enabling the cash out process. The owner-operators of these reshipping services spend a lot of their time recruiting "mules" or "drops." Most often it is unsuspecting individuals, many who live in the United States, that are enlisted through work-at-home job scams claiming to pay up to a promised $2500 a month salary in return for receiving and reshipping packages.

The owner-operators of a mule scam - which involves the purchase, reshipment and resale of consumer goods purchased with stolen credit cards - hire "stuffers" who use the stolen credit cards to purchase high-end products from merchants, which they ship to the "drop's" address. Once the mule receives the packages they use prepaid shipping labels to ship the packages back to the stuffers. After the stuffers receive these packages, they can then sell the products (openly) on the local black market. As for the mule, well, most are cut loose 30 days after their first shipment. And, of course, almost always before their first check comes due.

In terms of a payday, a typical cut realized by the shipping service operator can either be up to 50 percent of the overall value (with stuffers paying a portion of the overall retail value as a reshipping fee) or a flat $50-$70 per package. A recent study suggests that 1.6 million credit and debit cards are used to commit as much as $1.8 billion in reshipping fraud each year.

Building a Mule Service Operation

So, how are "mules" recruited? That's where the phony job scams come into play. We've all seen the ads about work-from-home (WFH) job opportunities. In most cases on the other end of these fake job offers are fraudsters and mule herders (yes, that's what they're known as) who coax unsuspecting citizens into giving away their bank account details all so they can receive an automated clearing house deposit or, ultimately, a counterfeit/worthless check. Once they're on the hook they are directed to electronically transfer funds to a third party, typically in a far-flung country -a fact, that is almost never disclosed to them.

Fraudsters leverage a variety of vehicles and platforms in an attempt to recruit mules. From spam email to job boards, and even social networking sites, there is no shortage of scams. Global economic pressures make it that much easier for fraudsters to recruit these "mules" with the promise of easy money in exchange.

The long-term unemployed may indeed be easy marks for these schemes, and probably feel that with nothing else to lose, why not give this a try (even despite the "too good to be true" warning they might be feeling inside). However, they and virtually most mules in this space will never see a commission. (There are instances of mules being complicit in these kinds of schemes, of course, but we hope they are more the exception than the rule). The risk is real. If they're caught and prosecuted there's the prospect of a long-term prison sentence. At the very least, there's a better than average chance of being a victim of identity theft down the road as the fraudsters already have all the PII they need including the mule's bank account and social security numbers.

The Power of Fraud Intelligence

As a standard part of our intelligence operations, we work on behalf of our customers to uncover mules, and each month, we identify hundreds of accounts being used to funnel stolen funds. Payment and money transfer fraud is an issue of concern for every financial institution, yet difficult to identify internally. Insight into known mule accounts has helped many banks prevent losses from fraudulent transfer requests to other banks, and also shut down accounts that may have been set up to prevent the flow of fraudulent transfers through their own organization.

To learn more about how RSA is integrating intelligence feeds, including mule account information, into products such as RSA Web Threat Detection to improve fraud detection, contact

Author: Heidi Bleau

Category: RSA Fundamentals, Blog Post

Keywords: Consumer Security, Cybercrime and Fraud, Fraud, Fraud Intelligence, Money Mules

Recommended for you