There’s never been a better time to get involved in cybercrime.
That’s the tongue-in-cheek assessment of Uri Rivner, RSA’s head of new technologies for identity protection and verification, who gave a presentation at the RSA security conference in London on Wednesday.
But there is truth in his quip — the poor economy is driving people to find other work and it has become much easier for cybercriminals to recruit people, known as “mules,” to carry out crucial duties for scams.
Seduced by promises of extremely high weekly pay while working only a few hours, people agree to do tasks such as reship goods or allow their bank accounts to receive funds for transfers elsewhere.
The problem is, the goods are stolen, and their addresses are being used as drops, allowing the cybercriminals the luxury of not receiving the stolen goods directly that have been bought with stolen credit card data. Mules are also duped into allowing money to be transferred into their own bank accounts and then ordered to transfer the money elsewhere, a type of money laundering.
Many times, they have no idea they’ve become involved in a highly efficient criminal enterprise. Often, the mules get short shrift, Rivner said.
“They don’t get paid,” he said.
The cybercriminals will use a mule for a month or so and then recruit more mules. A study done by RSA of one bogus shipping service working for cybergangs found that thousands of Americans had signed up to reship packages from their homes via FedEx. At the time, the cybercriminals just recruited 33 people, knowing there were plenty more when those mules had been used, Rivner said.
“A bad economy makes people more responsive,” he said.
So what happens if a mule, for example, decided to just keep US$10,000 the cybercriminals sent to the mule’s account for laundering? Rivner said they’ve heard of cybercriminals sending a coffin — purchased with stolen credit card data — with the mule’s name imprinted on it.
“You can scare the mules into sending the money,” Rivner said.