Attack methods using hybrid bots enable criminals to open mule accounts at scale

During the first half of 2022, BioCatch data reveals that money mule accounts represent up to 0.3 percent of accounts held by financial institutions, and an estimated $3 billion in fraudulent financial transfers.

mule accounts

According to the Federal Deposit Insurance Corporation (FDIC), there are 124 million U.S. households that had a member with at least one bank account, although consumers own an average of 5.3 bank accounts across all types of financial institutions. Applying BioCatch findings to the estimated 657 million bank accounts in the United States, this translates to approximately two million mule accounts and nearly $3 billion in fraudulent transfers in a year. Further, the research found that the average mule transaction value is $1,500 – a comparatively low number to avoid detection by traditional means.

Hybrid bots can open new mule accounts at scale

Researchers uncovered a likely reason behind the rise in new mule account creation: the use of hybrid bots that can open new accounts at scale. This is an emerging trend that was observed for over a year through monitoring of user behavior in the account opening process.

To avoid the bot detection capabilities deployed by most banks, criminals developed hybrid bots that enable some parts of the application to be filled in manually by a human and other parts to be completed in an automated fashion. For example, criminals typically use a script to fill in such data as a Social Security number or phone number, while there is human intervention with the pasting of data in other PII fields such as address and keystroke entries.

“Our researchers determined that one percent of mule accounts are created by bots,” said Gadi Mazor, CEO at BioCatch. “Financial institutions should expect that the use of bots in the account opening process will continue to grow, as they are a critical link in the fraud supply chain enabling criminals to cash out at the end of the money laundering process. However, mule activity can be detected at all stages of a customer’s banking journey through behavioral biometrics.”

Mule accounts: A global problem

Mule accounts are a global problem, and not only isolated to the United States. For example, in the UK, 156 million consumer bank accounts translates to 468,000 mule accounts and $702 million (or £550 million) in fraudulent transfers. According to Europol, more than 90 percent of money mule transactions are linked directly to cybercrime.

Cybercriminals open mule accounts using stolen or synthetic identities, or criminals work with accomplices who use their personal information either wittingly or unwittingly to open money mule accounts. The rise in mule activity is particularly alarming with account holders under the age of 30. Last year, UK fraud prevention non-profit Cifas reported a 76 percent increase in accounts of those aged 21 to 30 that demonstrated classic signs of mule activity.

Detecting mule activity has long been a challenge for financial institutions. Recent research by Aite-Novarica shows that more than 80% of fraud executives interviewed believe that more can and should be done to mitigate the risk of mule activities in the industry.

“If mule activity continues to be neglected as a risk that is actively mitigated by a well-defined and formally ordained program, then faster payments and the trends among fraudsters to target clients with scams such as BEC and Authorized Push Payments will fuel significant growth in fraud,” said Trace Fooshee, Senior Analyst Fraud and AML at Aite-Novarica. “This could also lead to a wider variety of more pernicious crimes ranging from terrorism to human trafficking.”

Don't miss