Government // Cybersecurity
News
1/20/2011
12:05 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Cybercriminals Target Unemployed To Launder Money

Scams promising work-at-home opportunities disguise money mule operations to translate the glut of stolen identities into cash, says Cisco's annual security report.

Top 10 Security Stories Of 2010
(click image for larger view)
Slideshow: Top 10 Security Stories Of 2010

What's in store for information security attacks this year? Expect more viruses, malware, spam, and phishing attacks, of course. But in a twist, also expect cybercriminals to devote more time and energy to translating stolen financial information into cash.

So says the "Cisco 2010 Annual Security Report," released on Thursday, which predicts that "the real focus of cybercriminal investment for 2011... will be on improving the success and expanding the number of cash-out services."

The problem for today's online criminals is that they have many more stolen account credentials than they can translate into profit. "Currently, the ratio of stolen account credentials to available mule capacity could be as high as 10,000 to 1," said Cisco senior security researcher Mary Landesman. On forums devoted to selling such information, "there's such a glut of stolen credit cards that they don't even fetch that much."

The barrier is simple: "cash-out" operations are labor-intensive and risky, and may result in arrest. To lower the risk to themselves, cybercriminals often farm out this part to money mules -- teams of criminals who use fake ATM or credit cards loaded with stolen account credentials. Money mules typically withdraw money from a different country than the one in which the target account is located, and outside the other country's banking hours. Criminals' goal is to maximize their haul before financial service organization's fraud departments get suspicious, block withdrawals, or alert law enforcement.

Increasingly, however, these money laundering operations are being built on scams that target unemployed or underemployed people, Landesman said. "Whereas a couple of years ago, money mules tended to be meth addicts or people addicted to drugs who didn't mind taking these risks, today, money mules tend to be people who are just victims."

Such scams increasingly pose as "work at home" opportunities where people's "job" involves receiving shipments of items, repackaging them, and shipping them out of the country. In reality, however, the goods have been ordered by criminals using stolen or fraudulent credentials, as a way to launder their money.

"When you're desperate to put food on the table, you might not look too closely at exactly what you're being asked to do," said Landesman.

Comment  | 
Print  | 
More Insights
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.