Hackers who raid corporate bank accounts often launder stolen funds by depositing them in accounts owned by “money mules,” people recruited through work-at-home job scams. The mules are usually instructed to wire the stolen funds to the scammers. Increasingly, however, the mules are being directed…
Hackers who raid corporate bank accounts often launder stolen funds by depositing them in accounts owned by “money mules,” people recruited through work-at-home job scams. The mules are usually instructed to wire the stolen funds to the scammers. Increasingly, however, the mules are being directed to send the funds using bitcoin ATMs, according to KrebsOnSecurity.
The story of a Canadian reader who contacted KrebsOnSecurity demonstrates how such scams work.
The reader was offered $870 per week and 5% commission for every transaction she handled for a company called Lunarbay(dot)biz. She became suspicious after receiving information on forwarding the funds.
She was told to withdraw the funds form her account and go to the bank. She then received a QR code to save on her smartphone and given the location of the closest bitcoin ATM. She was sent an instructional Youtube video on how to make payments using a Lamassu bitcoin ATM and told to process the payment within three hours.
Krebs suspected the scammers used the bitcoin ATM since traditional wire services might be doing a better job of detecting and blocking suspicious transactions. In addition, bitcoin transactions are faster.
The scammers use multiple QR codes linked to different bitcoin addresses. The reader in the above example provided Krebs with a link to a bitcoin account that received eight transactions in a three-day period totaling more than 6.3 BTC, $3,823 at current exchange rates.
The Lunarbay(dot)biz website noted the company has existed for several years. It referenced a legitimate business by the same name in the United Kingdom. The domain name, however, was only registered in late August 2016, and apparently used content from a legitimate marketing firm in Australia called Bonfire.
Krebs advised readers that money mule scammers specialize in hacking employment recruitment sites such as Hotjobs.com and Monster.com, where they can search millions of resumes to find people seeking employment. He warned readers to be wary of employment solicitation through email.
Krebs further noted that money mules could face legal action and could be asked to repay illegally transferred funds.
Featured image from Shutterstock.
Last modified: January 10, 2020 2:52 PM UTC