No money mule, no problem: Recruitment website kits for sale

A valuable asset in the fraud world, money mules enable cybercriminals to cash out stolen money. After cybercriminals take over a victim’s account, they enlist the help of a third person (a mule) to retrieve the money and send it to them in an untraceable way.

Typically, criminals manipulate mules into (a) receiving money from a victim’s account and (b) transferring the money to the criminal using a payment service (such as Western Union or MoneyGram). To do so, fraudsters set up fake company web sites that they use to recruit “financial managers” to manage the firm’s funds. The financial manager’s “job” is to receive payments from the company’s clients and then forward the payments (less a 2-10% commission) to company managers via a payment service. This tactic is the first lesson in Money Laundering 101. Bogus websites that are used as fronts for recruiting money mules have been around for many years. Trusteer’s security team has recently identified a Russian forum member who took the liberty of perfecting this scam and is now offering a universal money mule recruitment site kit.

The forum member offers a complete mule recruitment template package. The package includes a backend administration system, web site template, spam email templates, mule correspondence templates and more. The entire package is preconfigured for a fake brokerage company that is searching for “talented people to join our team of professionals.” Our investigation uncovered a map of the company’s headquarters, which is conveniently located in the Moscow University campus.

The email correspondence templates (titled “templates for drops”) include a number of scenarios in which the criminal needs to contact the money mule. Here are some examples:



The agreement referred to in this template is a four page, professionally written Word document that details the relationship between the company and the new employee. Article 3.1 of the document, titled “The Finance Manager Responsibilities” entails the following:

The Finance Manager agrees to spend at least 1-2 business hours per day to execute the job to full satisfaction of the Company and the Clients.

The Finance Manager agrees to transfer of the amount received by the Client, excluding the Finance Manager ‘s commission, which is individually discussed before the transaction, and can vary from 5% to 10% of the total amount. The amount, which after acceptance to the representative’s account is acknowledged as the Company’s assets, should be transferred in accordance with the details and via the payment system specified by the Company within 24 business hours.

Employee details

Money transfer

Some of the templates include requests for additional data or access to the mule’s bank account:

This package offers a comprehensive solution for cybercriminals, covering every aspect from mule recruitment to cashing out. This offering demonstrates once again that mules are critical players in the fraud eco-system. Similar to the cases of the website targeting universal MitB and the credit card targeting universal MitB we are witnessing offers in the cyber underground that provide potential buyers with flexibility and scalability.

Consumers must be made aware of these types of scams and educated about the perils of “work from home” offers that involve money transfers and questionable incoming transactions. As a rule of thumb – if there is any doubt, there should be no doubt! If an online offer seems even mildly suspicious – it’s probably illegal.

Author: Etay Maor, Fraud Prevention Solutions Manager at Trusteer.

More about

Don't miss