Phishers have been using social networks such as Facebook, MySpace and Twitter for years now as fertile hunting grounds not only for new victims but as a way to find new participants in their scams, as well. Now, the scammers have taken to creating Facebook groups specifically dedicated to the work-at-home scams that often serve as recruitment schemes for money mules. One such group that’s being tracked by researchers has nearly 225,000 members on Facebook.
The criminals promise that their potential mules will get
more than $ 6,000 USD per month and will only need to work no more than
some parts of the offer according to your current geographical
location. So, it’s another old, but in some cases, effective
trick to lure more potential mules.
Money mules are an integral part of the phishing and credit-card theft ecosystem, effectively serving as the money launderers for the actual phishing gangs on the back end. The money mules are recruited through these work-from-home or easy money scams that promise high payments for very little effort. What they usually end up doing is accepting deposits and wire transfers of thousands of dollars a day, then transferring the money to other accounts designated by the phishing gang.
For their trouble, the money mules typically earn a small commission on each transaction. In one sense, it is pretty easy money. But the reality is that the money mules are the ones in the phishing scams who are most exposed to discovery, arrest and prosecution. In some cases the money mules don’t actually know what the end result of their activities is, they just know that they’re moving money from one account to another.
But that’s not enough to protect them from prosecution, so the phishers are always in need of new mules for their scams. And Facebook is turning into their recruitment scheme of choice.
The nature and content of these recruiting scams on Twitter, Facebook and other sites has evolved and improved over time as the scammers have seen what works and what doesn’t. The gangs behind these scams also move around the Internet quite a bit, changing domains often and using multiple URL redirects to obfuscate the ultimate destination site when potential victims click on one of their links.
It’s the same kind of tactic that has worked so well on the front end of phishing scams, disguising malicious domains, redirecting victims through a series of hops and using digital sleight-of-hand to make their scams look more attractive.