Virtual Event Today: Supply Chain Security Summit - Join Event In-Progress

Security Experts:

Connect with us

Hi, what are you looking for?



How Economic Changes and Crypto’s Rise Are Fueling the use of “Cyber Mules”

The rise of cryptocurrency has ushered in a new era of money laundering

The rise of cryptocurrency has ushered in a new era of money laundering

As fears over recession loom in many places globally, both cybercrime and job insecurity are on the rise. Meanwhile, some layoffs have occurred and the conversations at work around working-from-anywhere or back to the office continue. And if history tells us anything, it’s that this type of environment is ripe for the increased use of “cyber mules” – aka the cybercrime world’s money mules. In fact, FortiGuard Labs researchers have seen almost 100% growth in new ransomware variants in 2022 so far compared to the prior six months.

We hear a lot about drug mules, but what are cyber mules? It’s similar to how drug dealers rely on unsuspecting or otherwise vulnerable people to help them transport drugs or launder the proceeds of those sales. Cybercriminals use people to help them launder the proceeds of cybercrime. Most of these so-called mules are driven by greed or desperation, and while many have some idea what they’re getting into, others are initially lured in under false pretenses. In fact, we’ve already been seeing this phenomenon throughout the pandemic.

The rise of cryptocurrency has ushered in a new era of money laundering, and amid a period of economic insecurity, the conditions are all too right for a new wave of cyber mules. Job seekers must stay savvy, or they could find themselves unwittingly participating in helping criminal enterprises.

The role of money mules in cybercrime

We’ve seen this before, and we’ll see it again: when times are tough, there’s often a rise in money mules. Going back to 2010, we saw that money mules were being aggressively recruited to help cybercriminals launder money. The FBI’s Internet Crime Complaint Center found out how lucrative this scheme can be. For online fraud that took place between 2015 and 2019, money mules were involved in most of the $3.5 billion in financial losses. Fraud reports to the agency increased threefold during that period, as well.

The economic crisis created by the pandemic only ratcheted up solicitation for and willingness to participate in cybercrime money laundering. In response, the U.S. Financial Crimes Enforcement Network released an advisory in July 2020 “to aid financial institutions in detecting, preventing and reporting potential COVID- 19-related criminal activity.” 

Much like drug mules, cybercriminals often lure in unsuspecting or unsavvy individuals to help them launder the proceeds of cybercrime. Some know what they’re getting into, while others are brought in under false pretenses.

Watch out for mule recruitment

Criminal groups often use job ads that appear to be authentic to recruit mules. A questionable job posting might state that a potential employer is searching for a “payment processing agent,” a “money transfer agent” or even a position as broad and ambiguous as an “administration representative.” These job postings may appear anywhere, including internet employment boards and via direct emails. Even though many mules probably go into the “job” fully aware of all the criminal repercussions of their tasks, a surprising proportion do not.

These solicitation emails and job postings exploit individuals’ desperation, offering what appear to be legitimate positions with duties like “administer day-to-day financial responsibility for clients” and “write weekly financial reports.”

How cryptocurrency worsens the situation 

Before cryptocurrency entered the picture, money laundering was more complex and also left a trail that was easier to follow. Court indictments from money laundering cases lay out the process money mules would use. They would open accounts at three to five financial institutions using their real names. They would then launder funds using bank transfers, direct deposit, mail or money transfer services. The criminals and their mules would keep deposits under $10K to avoid setting off anti-money laundering (AML) alarms. 

Cryptocurrency has changed the game, largely because of lack of regulatory oversight. It doesn’t have the same limitations as traditional money, and transactions are often anonymous. Crypto transactions create layers of obfuscation that make them ideal for money laundering. A report by blockchain data company Chainalysis found that in 2021, criminals laundered $8.6 billion of cryptocurrency – a 30% increase from 2020. We can predict that as inflation and recession take their toll, these figures will rise in 2022.

Don’t be taken in

Look for these red flags in job offers to avoid being duped into laundering money:

• Remember the adage: If it seems too good to be true, it is. Any job postings that promise excellent benefits for little to no effort or prior work experience should be disregarded.

• If the job description is ambiguous, imprecise or doesn’t specify who you would report to, you should dig deeper into the business to find the answers to those questions.

• Along with this, do your homework by searching/researching about job postings. If it’s a scam, there’s a good chance you’re not the only one who’s come across it.

• Be very careful when considering work offers that come from abroad, because it might be quite challenging to investigate and confirm them. Think twice before partnering with a company if their website lacks verifiable contact information, such as a phone number, email address and physical address.

• Walk away from any “business” that requests your personal bank account number as the channel through which payments are to be made. Recruiters frequently insist that their mules use anonymous money transfer services to send money. Also avoid any “business” looking for other sensitive information like social security numbers and driver’s license identification numbers, which can be used for identity theft.

Stay sharp

There’s a scam born every minute, especially in these days of economic turmoil. Criminals have used money mules for years to launder their ill-gotten gains, and cryptocurrency is making it easier than ever to do so. As we enter a period of global financial insecurity, will more people be lured into serving as the conduits for this crime? Will they see it as a quick way to make money without understanding the full consequences? Probably, but you don’t have to be one of them. Use the information above to keep from becoming a cyber money mule. 

Written By

Derek Manky is Chief Security Strategist & VP Global Threat Intelligence at FortiGuard Labs. Derek formulates security strategy with more than 15 years of cyber security experience behind him. His ultimate goal to make a positive impact in the global war on cybercrime. Manky provides thought leadership to industry, and has presented research and strategy worldwide at premier security conferences. As a cybersecurity expert, his work includes meetings with leading political figures and key policy stakeholders, including law enforcement. He is actively involved with several global threat intelligence initiatives including NATO NICP, INTERPOL Expert Working Group, the Cyber Threat Alliance (CTA) working committee and FIRST – all in effort to shape the future of actionable threat intelligence and proactive security strategy.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.