How can we overcome the threat of mule fraud during COVID-19? (Part 1)

Criminal scams during COVID-19 are focused on exploiting our anxieties and changes to our working circumstances. The FBI, Interpol, and other criminal investigation organizations are publishing daily warnings due to the intensity of current trends in criminal activity.

Once criminals have managed to scam money out of someone’s account, they will often use a network of other bank accounts to exfiltrate their illicit proceeds and hide their tracks. These are known as mule accounts and they are in increasing demand from criminal organizations.

This article is the first of a two-part series and will examine how mule accounts are a crucial component of the scams evolving during COVID-19. Part two will focus on ways financial institutions can identify and disable these accounts to protect their customers from fraud and immobilize criminals as they try to escape with the cash

How COVID-19 has changed the business model for fraud

As the steady supply of compromised account details through the dark web has been disrupted, new fraud types are evolving at a rapid rate. Many scams relating to COVID-19 are familiar methods being deployed in the context of the current challenges we face as a society. For example, taking advantage of remote working circumstances to commit mandate fraud, where an employee responsible for making payments to genuine suppliers is tricked into paying a bank account controlled by a criminal gang.

Often scammers will look for ways to deploy malicious software in an attempt to compromise bank accounts or obtain personal information, which helps them commit identity theft. In many of the recent scams, fraudsters will spoof the text message or email chain from genuine correspondence with the providers and the authorities, making it far more likely for the recipient to click on malicious links or to action fake requests.

• Preying on the need to stay connected during the period of isolation. For example, people are receiving text messages and emails indicating a WIFI or phone bill payment has not gone through and that they will be cut-off if they do not pay.
• Preying on financial distress caused by the economic impact and offering false financial relief, such as government aid, tax breaks, or holiday cancellation refunds.
• Preying on the fear of non-compliance with government instructions. For example, issuing fake fines to individuals for traveling outside of their homes during lockdown periods.
• Preying on the need for medical equipment, personal hygiene, or other consumables, such as face masks and soaps.

And as governments pour relief and stimulus into their economies, these funds are also a prime target for criminals. Intercepting payments before they reach small business owners and individuals offers limited risk and high reward.

To support this shift in fraudulent activity toward new and remote methods, we are also observing a corresponding increase in the dependency on mule accounts which are used after the crime has been perpetrated to move the cash away from the scene of the crime.

How are criminals using COVID-19 to build their mule networks?

1. Targeting those in financial distress to become money mules

It is common for criminal organizations to target vulnerable groups, including the elderly, students, and schoolchildren – even at a very young pre-teen age. As a result of COVID-19, an obvious group to target are those in financial distress. There is a significant proportion of the global population working in the most severely impacted industries who are now unable to go to work. Many of these people will be in financial distress as a result of being furloughed or made redundant due to the economic impact. This means individuals have more time on their hands and may be looking for new sources of income, making them vulnerable and more susceptible to get-rich-quick schemes advertised on social media. This form of recruitment is a common way that criminals scam ordinary people into facilitating their illicit activity. They promise a strong financial incentive for doing very little; all you need is a bank account and to be happy to look the other way.

2. Exploiting social isolation to commit identity theft and open accounts they control directly

As well as recruiting people as human puppets in their orchestrated schemes, criminals are capitalizing on the changes in working practices to open new accounts which they then control. As customers cannot currently go into a branch to open a new bank account or facility, they have to use online channels. Approving facilities remotely without in-person validation significantly increases the risk of criminal-controlled accounts, created using stolen personal information and forged documentation.

As Confirmation-of-Payee is introduced in the UK to tackle Authorized-Push-Payment fraud, we are also observing new schemes where criminals use highly targeted identity theft to set up accounts in the name of the genuine payee but under criminal control. This will mean they can still defraud the originating account of funds and avoid detection. This trend is emerging even before the industry counter-fraud measure is live. In a recent Dear CEO letter, the FCA advises on what measures financial institutions should take during COVID-19 for identification and verification purposes to mitigate this type of risk.

3. Using victims from other crimes as mule account owners

Another way in which these accounts are being obtained is by repurposing people that were previously being exploited as part of ongoing criminal activity. COVID-19 means that modern slavery and sex trafficking operations have stalled. Criminals are looking for other ways to continue making money. In some cases, victims are being redeployed into counterfeit goods manufacturing or are being redirected into other modern slavery roles where there is a current demand, such as agricultural or logistics businesses. In other cases criminals are turning to mule fraud, opening bank accounts in the names of the victims who have then been turned out onto the street while the criminals continue to operate their accounts as mule facilities.

Financial institutions simultaneously face unprecedented operational challenges

As well as rapid changes to criminal behavior, COVID-19 has put pressure on the bank’s call centers with high levels of absenteeism through illness or difficulties adhering to social distancing guidelines. Financial institutions also have customers, particularly within elderly communities, who are unfamiliar with the concept of online banking and require additional direct support. Financial institutions are keen to maintain customer satisfaction, keeping process friction at a minimum but adapting to the new working realities presents a real challenge.

During this crisis period, financial institutions are also highly conscious of the reputational risks associated with their decisions around the account opening process and the potential impact of counter-fraud measures on customers, such as delaying or stopping transactions.  While focusing on delivering the usual high standard of service to their customers, financial institutions may find it hard to simultaneously adapt defenses against the rising tide of mule fraud.

What will be the impact in 2020?

The circumstances surrounding COVID-19 have created an environment where criminals can easily generate large networks of mule accounts to facilitate the growing number of scams defrauding individuals and businesses across the world – remotely. There has never been a time where the opportunity to exploit digital channels has been greater, where the demand for new mule accounts by organized crime has been higher nor where as many people have been in financial distress in search of a solution. This combination paints a dark picture of the pervasive exploitation of mule accounts in 2020.

In order to tackle mule fraud, financial institutions should look to adopt a contextual approach to detection which has the dynamic capability to identify both existing and emerging threats. The next article in this series will look at tactics and techniques financial institutions can use to detect mule fraud.

Read Part 2 here.

DOWNLOAD OUR SITUATIONAL AWARENESS WHITE PAPER

To find out more about how financial institutions can leverage data and technology to overcome current challenges like mule fraud and other long-term threats resulting from COVID-19, download our latest white paper on situational awareness here.