Understanding ‘Money Mules’ – an interview with IDnow fraud specialists

During the EURO 2020 tournament, our ID verification platform picked up a higher number of fraudulent activities across several clients. In the investigation, our fraud agents found patterns of what could be organized crime attacking specific organizations such as ‘Money Mules’.

By leveraging both machine learning and AI solutions as part of our IDnow platform as well as fraud specialists, fraudulent processed ID’s and activities could be successfully identified, and countermeasures initiated.

Incidents like big sports tournaments where the numbers of ‘Money Mules’ drastically spike are where our IDnow QM Manager such as Philomena and Michał come into play. In our interview today we will get to the bottom of ‘Money Mules’ and discuss recruiting tactics and patterns of fraudsters as well as overall consequences for detected ‘Money Mules’.

Understanding ‘Money Mules’ – an interview with IDnow fraud specialists 1

Philomena, Michał, let us start with the question of what your responsibilities are at IDnow as a QM Manager?

Philomena: Our team covers two essential parts to ensure that the quality expectations are met for both customers and users. Firstly, we ensure that our agents are aware and follow the high verification standards, which we have to fulfill from a regulatory point of view. Also, we want to ensure that our users have a pleasant experience going through the verification process.

Michał: The second part is to ensure that fraud attempts are prevented. We feel responsible for assisting our users and customers to not fall for fraud patterns.

Therefore, we analyze detected fraud cases, inform agents what to watch out for, and proactively reach out to our customers when we suspect patterns to find a solution immediately, such as when “Money Mules” are active.

‘Money Mules’ is a term that often appears in the financial crime world, but also generally in the business world. Probably everyone has a rough idea about it, but in your experience within the identity industry, how would you define ‘Money Mules’?

Michał: A ‘Money Mule’ is a person who voluntarily provides their data, motivated by the desire to make easy money as criminals offer fast cash for participation in the fraud procedure. They are often fully aware of breaking the law. But there is no proof that they are fully conscious of all the consequences.

The overall process of “Money Mules” looks like that they either open a bank account themselves, and thereafter give access and total control to criminals, or alternatively, the fraudsters open the accounts with their data. Both ways enable later to perform various financial embezzlement, e.g., money laundering, modern slavery, or terrorist finance.

Philomena: It is also very important to differentiate between ‘Money Mule’ and ‘Social Engineering’ scenarios. ‘Money Mules’ are participating in the fraud scenarios, cooperating as part of the criminal schemes.

In a social engineering scenario, a person is considered a victim of a scam. Their collaboration with the fraudster is not as apparent as they get involved through psychological manipulation. These victims are usually unaware that their actions are breaking the law. They are being tricked into opening accounts, for example, through job advertisements.

Can you give us an example of a Money Mule case that you encountered? What was your learning?

Philomena: We recently detected a ‘Money Mule’ pattern originating from the Philippines. At first glance, it looked like an organized criminal activity where users were intentionally cooperating with the fraudsters. By coincidence, we had this rare opportunity to correspond with some people taking part in the scam. After analyzing the situation and with the cooperation of the individuals involved, we concluded with high confidence that the users were, in fact, victims of a ‘social engineering’ attack.

Each of the victims was forced to take a loan and got tricked by a shady credit advertisement posted on Facebook. These users were entirely unaware that their actions may bring any penalties to them. We have learned that each case can have a “hidden agenda” that is usually not visible to fraud analysts.

What are the motives of those involved?

Michał: Again, we have to distinguish. With what we identify as ‘Money Mules’, we assume a criminal background and an eagerness to make easy money.

Poverty plays a huge role as well, as it can lead to criminal activities. If individuals are desperate or hopeless, they may feel they have no other choice.

How are ‘Money Mules’ recruited?

Philomena: Quite often, ‘Money Mules’ are recruited through social media channels. Even if these posts are discovered and taken down by regulatory authorities, it is easy for criminals to re-post scam advertisements. We regularly reach out to hosts (website providers) and make them aware of who is using their services.

Michał: We also see a combination of data leaks and fraudsters. Victims are contacted by a scammer via WhatsApp and get trapped in a social engineering scenario. The approached person might not actively look for any source of income/cooperation, but when they receive a random message from an unknown person, somehow it opens an unexpected opportunity to them.

Philomena: From our experience we can, unfortunately, say that it is typically shady trading and investment companies that are constantly looking for victims who would like to taste a “businessman” life.

What are the consequences for ‘Money Mules’ who have been identified?

Philomena: Firstly, often all their bank accounts (both accounts with fraudulent and non-fraudulent purposes) get closed or the money is frozen. After getting caught doing these criminal activities, individuals also find it difficult to get credit for things like phone contracts, student loans, and applying for credit in the future. Furthermore, it is also not uncommon to be condemned – individuals can be imprisoned for up to 14 years.

Such activity leaves a mark on the person’s criminal record which brings other consequences – it may also make it challenging to find a job, especially if it is one involving data protection. It is important to highlight this, especially as nowadays, almost every position has something to do with data protection, for example, payments.

Now that we discussed the subject of ‘Money Mules’, let’s drill further into the phenomenon of ‘Social Engineering’. You already mentioned it, but could you repeat to us, how is this different to ‘Money Mules’?

Michał: Internally we differentiate them as follows, nevertheless most institutions do not separate between ‘Money Mules’ and ‘Social Engineering’.

Victims of social engineering are not aware that their actions may have legal consequences. The scammer uses psychological manipulation to lure an innocent person into the trap. Usually, they are strongly convinced that they are working as an app tester or a financial clerk.

Furthermore, the tasks given to the victims are designed and described in a way not to draw victims’ attention. The criminal often provides a fancy job contract, which looks like the actual work arrangement at first glance. Other examples involve applying for a loan. The users are then convinced that the credit can be only issued under specific conditions, which usually contains opening an account with a financial institution and later passing the credentials to the fraudsters.

As a result, the criminal gains access to the freshly created bank account, which may result in further financial malversations in the victim’s name. The scammer will therefore remain undetected, and the whole liability will be passed to the unaware person.

In the case of ‘Money Mules’, the person is willingly cooperating with the criminal. In most scenarios, they are involved in money laundering processes as well and can gain credits for fulfilling different tasks.

How do victims get involved with ‘Social Engineering’?

Philomena: Usually, victims fall easily for fake jobs and loan advertisements on social media. In addition, most persons involved in ‘Social Engineering” are very eager to invest their money and are okay with working with a trading company which doesn’t’ necessarily have a good reputation. This is another version of the “boiler room”: The victim receives an “excellent investment offer” that they cannot reject.

Michał: More recently, we came across the so-called ‘Corona Fraud”. Users received a message stating that due to the corona regulation, they are required to register their profile on the specific portal. Naturally, the person then follows these instructions and provides all sensitive data and most likely identifies himself/herself for a financial service.

The ‘Corona Fraud’ also occurs on Dating apps when a newly contacted person all of a sudden needs financial help. Also, there is what we call the ‘Inheritance Fraud’. To receive a very attractive sum of money, the victim must open a bank account and perform a few money transfers or even provide the scammer with the credentials.

What are the consequences for the victims?

Philomena:  Fraudsters usually take over the victims’ account and sell the details online, rather on the dark web. Furthermore, usually at this point the victim appears as an easily accessible person (since their data was misused) and attracts other fraudsters. In the following, the victim’s documents/identity are often used for further manipulation and money laundering.

Michał: As for the legal side, there are no legal penalties for being a victim of social engineering. However, the person involved in the fraud might be prevented from leaving their country until the case has been solved. There is also the risk of the person getting a criminal record if the case is not handled correctly and the victim may have to take full liability for the financial losses. It can be a highly time-consuming process to accomplish all the bureaucracy formalities before being actually “free.” Ultimately, the victim might also end up with a huge debt and bad credit with credit card institutions.

Final question: What is – so to speak – the breeding ground for criminal activities such as ‘Money Mules’ or ‘Social Engineering’? What can users on the internet, but also companies, do to put a stop to this?

Michał: The fundamental problem is that the fraudsters often exploit the victims’ human vulnerabilities. This involves, for example, the financial hardship or interpersonal relationships (for example love relationships) of the victims. The fraudsters often know very well what their victims desire and act accordingly. The scammers work with the victims’ fears and weaknesses.

In situations of need, many people are often more susceptible, so the scammers have an easy target. Also, fake websites, for example, are becoming better and harder for an untrained eye to spot.

Philomena:  At this point, I would also like to refer you to the information provided by Europol, which summarizes very effective preventive measures. To put it in my own words, Europol recommends the following actions to users on the Internet:

  • Never give your bank account or any other personal details to anyone unless you know and trust them.
  • Secure your bank cards. Do not disclose your online banking login details, PIN, CVV number, etc.
  • Be very cautious of unsolicited emails or offers made over social media or in person, promising easy money.
  • Ignore any job offer involving money transfers through your bank account, regardless of how authentic they may seem. If an opportunity sounds too good to be true, it probably is.
  • If you have received emails of this type, do not respond to them, and do not click on any links they contain. Inform the police instead.
  • Stay alert for job ads and social media posts that promise easy money. Always report the account to the platform provider in order to be taken down and prevent other people from falling for the scam.
  • If you happen to receive an offer in person, decline it and report it to the police.
  • If you suspect that you are caught up in a ‘Money Mule’ or money laundering scheme, stop transferring money immediately, notify your bank or payment provider, and report it to your national police. You could help prevent other people from becoming money mules and even help catch the criminals.

Michał: I’d like to stress the fact that IDnow takes criminal activity/fraud very seriously and this is the reason why we have a dedicated team who is constantly working to prevent these types of frauds. As a trusted partner with very strong security standards, IDnow is constantly working to prevent fraudsters to enter our business customers systems, and of course for IDnow it is also very important to help individuals from being scammed, so our work is ultimately also protecting our end users from it.

Many thanks Philomena and Michał for the insights.

Interview by

Understanding ‘Money Mules’ – an interview with IDnow fraud specialists 2

Jonathan Bluemel
Senior Content & SEO Manager at IDnow
Connect with Jonathan on LinkedIn

Identity Fraud Report 2022

Identities in a digital-first world

Get an overview on the newest fraud and identity theft trends in our fraud report.
Download now


Let's talk!