Microsoft has somewhat controversially claimed that money mules are the ultimate victims of phishing emails, rather than the consumers or banks that cyber-crooks target in online banking scams. Mules act as middlemen who receive funds from compromised bank accounts before sending the bulk of the cash overseas to the organisers …
Wide of the mark?
"Herley has become noted in security circles by questioning many aspects of conventional wisdom about information security. ... This time however his provocative thinking seems to have strayed a little wide of the mark"
Really? He's bang on the money wrt the mules being the ones that suffer most (the ppl that the money was originally stolen from will get it back eventually - there's a lot of pain, but it will heal). The mules hand over the cash, then get that amount deducted from their account *again* by the bank. That ain't coming back.
You're confusing "victim" with "someone I should feel sorry for". They're like a Venn diagram - there's some overlap, but not every victim is someone you feel sorry for, and vice versa.
It's a pretty similar scam to the 419 scam. The only difference is that someone else (the cash originator) gets temporarily screwed too. In the end the mark is the mule though. (S)He's the one handing over cash for nowt.
Re: Wide of the mark?
Its often easier to rip off the dishonest than the honest - witness the good old scam of pretending fake goods are stolen and that's why the price is so low.
Re: Wide of the mark?
In this day and age I see people who are in dire need of any work and some of these offers don't look like they pay anything more than normal. The scampers even have good reasons why they need to ship through a broker or move money with a middle man. These people aren't greedy they just want to find work and are often quite shocked when their accounts end up drained instead. In fact one of my friends was offered one of these "jobs" and it took me quite awhile to convince her that there was no job and it was all a scam.
Re: Wide of the mark?
My son was in the same situation. I was glad that he discussed it with me before proceeding to deposit the cheque and that I was able to convince him it was a scam.
Not taken in
When I kept getting offers to work from home, it was good to start asking questions about their business and why the 'eck they'd need anyone to handle their payments in the UK, when one lot had an address up on Tyneside. They wanted someone to do their payment processing, yes, but when I offered to do their VAT invoicing and PAYE as well they stopped sending me emails! Possibly they suspected I was actually in the UK.
What else are they, but victims?
Scam emails where the scammer claims to be a small business having difficulty getting payments from foreign customers are common, and in need of local agents who will bank money and send it on via Western Union less a small commission. Something that too many people see as plausible. They aren't greedy, just in need of employment, especially in the present economic climate.
There are multiple victims here...
the first victim is the originator of the money in the first place; the mules are secondary / tertiary victims.
The crooks don't give a damn how many victims they have, as long as they get the money.
Romance scam victims
Many mules are doing favours for their new internet 'loves'. Combine a lonely female with a dream romance and a lack of understanding how banking systems work - easy pickings for scammers.
419eater.com needs you!
Online phishing isn't our fault says Microsoft report
"We do not examine password-theft from email or social-networking sites. We don’t explore other aspects of cyber-crime".
Western Union - the scammers friend?
Several frauds I've seen involve the mark sending a large sum by Western Union which is then irrecoverable, in that case WU is the mule and does come out a winner.
It has become difficult to open a bank account in UK because of money laundering legislation (for example my *live at home* kid was asked for a passport and *two utility bills* as proof of ID). One might wonder if WU has become the legitimate face of money laundering. IMHO if they hand out the cash to an untraceable recipient (i.e. inadequate proof of ID) they should be held responsible for it's recovery in the case of fraud.
At the very least they should post a strong warning on their home page (at present there's just a pale gray "fraud" link at the bottom of the page - so they can claim to be warning people but the evidence suggests this is ineffective). I think they should be asking anyone sending more than say USD100 to sign a plain English statement that they know the money is irrecoverable and the recipient untraceable, that they are aware that confidence tricksters can exploit this as a payment mechanism and that they are completely confident that the recipient is trustworthy.
Just 3 sentences and 3 tick boxes rather than something bland like "I have read and agree terms and conditions". They might add a suggestion that "if you are in any doubt whatsoever then you should seek advice."
Money Mules _are_ the real victims.
Every other victim of fraud only loses money that they have and can borrow. Once that money is gone they can lose no more. Given time, they can recover. A money mule can easily lose more than they can ever repay, no matter how long they live.
It is true that many of them know that they are breaking the law, but a great many more think what they are doing is legal and above board. And many of those make no money from it at all; they are doing it as a favour for someone in difficulities, or someone that says they love them. Many of these actually lose money and still keep sending funds out.