The Mule is a casual criminal – or even a naive opportunist – used by others to launder the proceeds of cybercrime by taking stolen money and goods and turning them into ‘clean’ funds. They do this via internet payments, money transfers or online auctions.
They’re motivated by greed or desperation, and often work from home, internet cafés or free WiFi hotspots, relying on internet payment and bank accounts, as well as access to money transfer services in local shops. Mules run the highest chance of arrest or prosecution compared to other cyber criminal types, as their role is to provide the point at which virtual stolen goods are fenced or laundered into the physical world.
Just like the Insider, the Mule is either naive, or reckless. They might believe those ‘Make Money Online’ ads in their browser, or taped to lamp posts. Alternatively, they might think they can see how the scam works – and that they won’t be misled as a result. They may also be another part of the ‘back office’ of a cyber crime team.
Either way, Mules are on the bottom rung of the cyber crime ladder, and the most vulnerable to discovery and arrest. They’re laundering ill-gotten gains for more seasoned criminals elsewhere.
If they start out an innocent, they almost certainly don’t stay like that. However, fear or greed may well trap them for longer than they’d prefer, with the potential consequences of jail time.
The Mule is the physical part of a money laundering chain; the mechanism that turns the proceeds of cybercrime into ‘real money’. They take payments in to bank accounts, withdrawing cash and sending it on via money transfer. The Mule may also receive goods ordered with stolen credit card details, repackaging them and posting them onwards, to launder large amounts of stolen data into usable cash.
They’ll often be provided with training manuals by their employers that appear professional and legitimate and are assembled with a high degree of professionalism.
The Mule is primarily motivated by greed or desperation, and they may well have taken part in get-rich-quick pyramid schemes in the past, either as a victim or as an orchestrator of such schemes.
Mules that launder goods are typically gullible – and fail to see that the opportunity they are given seems too good to be true. More dangerously, other Mules may know what they’re getting into, but blinded by belief in their own ability or by underestimating the reach of law enforcement, fail to appreciate the risk they are taking.
Once snared by a money laundering gang, Mules that perform well and prove to be loyal may be rewarded with ‘promotion’ and put in charge of managing their own team of mules. At this point, the Mule is likely to realise what they are into (if they hadn’t already), and also likely to be ‘in too deep’ to make a clean break, either through simple greed or abject fear of the consequences.
Mules are often recruited through many forms of engagement; belonging to a network or professional group, where their skills are identified and recruited; via web ads promising easy money working from home and, increasingly less often, simple printed adverts distributed or posted in public areas.
They usually work from home or from areas with public WiFi, since they only need be able to access the internet, an ATM or bank, and a wire transfer service, often run by a shop or Post Office.
Online recruitment ads lead through to credible-looking sites that portray money laundering as some form of legitimate payment processing business – using phrases like ‘eBay fulfilment’ ‘Payment Solutions’ or ‘Advisory Solutions’ as a means to mask the true nature of the business. The sites often look, on the surface at least, like credible operations, not least because they often steal or imitate content from legitimate sites.
Mules who apply for jobs will be asked to provide their address, a copy of their ID, bank account and other electronic payment details and, in the process of applying for their ‘job’, give away all kinds of other personal information.
While they may simple be asked to receive electronic payments to their bank account, forwarding them via instant payment transfer services such as Western Union or PayPal, they may also be party to more complex frauds, accepting goods bought online with fraudulent payment details and fencing them on eBay or in local small ads, or participating in more complex schemes such as ‘Reverse ATM’ attacks which capitalise on tiny weaknesses in international transaction rules, coupled with an army of Mules in different countries.