'Money Mule' Recruitment Network Exposed
In a blog post earlier this week, Security Fix examined the crucial role of "money mules" -- people in the United States who are willingly or unwittingly recruited to help cyber fraudsters steal money from businesses. In this column, we'll peer a bit deeper into how mules are recruited, and how they often communicate with their employers.
Security Fix interviewed one of the mules hired to receive money from Sanford School District, a small school system in Colorado that was robbed of $117,000 last month when hackers used the district's online banking credentials to send sub-$10,000 payments to this mule and 16 others.
The mule I spoke with said she was hired by a company called the Scope Group Inc., which claimed to be a nearly 20-year-old investment firm operating out of New York. The Scope Group did not return e-mails seeking comment, but there is no listing for a current company by that name in the New York State business register. Also, the company's Web site is hosted in China, and its domain name -- www.scope-group.cn -- ends with a Chinese country code. In addition, that domain name was registered on June 25, 2009, just a few weeks before the fraud against Sanford School District was perpetrated.
The Sanford mule -- who spoke on the condition of anonymity out of fear of reprisals by the hacked company and perhaps by the hackers themselves -- said the Scope Group approached her via e-mail, saying it had found her resume on Careerbuilder.com, and would she be interested in a work-at-home job acting as a "financial manager"? Having worked as a payroll manager in a previous job, the mule said she thought it was a perfect fit. Besides, she said, she'd been out of work since March.
The mule said that after responding to the initial recruitment e-mail, she was directed to create a profile at the Web site www.scope-group.cn. She was then asked to provide a large amount of personal and financial data, including her name, address, Social Security number, bank account and routing numbers, as well as a scanned copy of her driver's license. During the enrollment, she was prompted several times to make sure that her bank would allow her to withdraw up to at least $10,000 a day.
When she initially received a $9,815 transfer from Sanford School District's account, her managers sent her a notice through the scope-group.cn site that the funds had been deposited into her bank account (see screen shot below). According to the task notice sent to her through her Scope Group account, the money was transferred with the notation "Conejos School District 6J," one of the schools in the Sanford School District (for more on that attack, see Cyber Crooks Target Public and Private Schools).
What follows is a series of screen shots of and excerpts from messages she was sent leading up to receiving that transfer.
After signing up, the woman was told to log in to her account at the Scope Group Web site every weekday morning from 9 a.m. to 11 a.m. local time, and to periodically check her "tasks" and "messages" folders -- more or less a Web-based e-mail inbox -- for news of incoming deposits.
Below is the body of text taken from a message sent to our mule -- and ostensibly all Scope Group employees who complete the signup process and are preparing to start their first day on the job.
My name is Thomas Chavers. I am Personnel Manager of Scope Group Inc. and will be your supervisor.
First of all I would like to congratulate you on the beginning of your work with Scope Group Inc. as a Financial Manager.
Having gained operational experience in Scope Group Inc., I recommend all new employees to treat seriously every small detail they may encounter in the course of their work. You have a real chance to obtain quick promotion in the nearest future if our management is satisfied with your job results.
Please strictly follow my instructions, do your best to perform your functional duties properly, be responsible and careful and the results will not take long to appear!
REMEMBER that you will be working with funds belonging to other people. Delays are unacceptable as we sign legally binding contracts with our clients.
According to the agreement (see EXHIBIT A: COMPENSATION) we have concluded, Scope Group Inc. is entitled to cutting back on agent's commission in case of payment processing terms violation by the agent. In case Financial Agent unreasonably delays transferring the money he/she received at his/her bank account for the period exceeding one business day, we may impose sanctions on him/her (if only the delay was not caused by any Force Majeur circumstances) and apply to arbitration and claim for reimbursement of the amount transferred to his/her account or for compensation of any other damage, if any, caused by such a delay.
We guarantee that you'll get your first task within 5 business days if you observe the following conditions:
- Every day at 9 a.m. sharp check your e-mail and Task Manager (TM) account. (PLEASE NOTE that our system logs all your activities.)
- Be always available via cell phone during business hours (preferred).
Scope Group Inc. has a right to cancel the contract if these conditions are not observed. If you observe these conditions only partially you may be at risk of getting discharged after the Probationary Period.
*ALSO, Our system automatically adds bonuses ($50-$100) if you check your TM account regularly.
The Scope Group apparently wants employees to know that if they get any bright ideas -- like trying to make off with a $9,500 deposit and neglecting to wire the money as instructed -- that the company won't hesitate to alert the FBI and/or other appropriate law enforcement agencies. Mules also are reminded that their employers have a great deal of information about them, including their IP address (not to mention every other piece of data one might need to steal a mule's identity at some date in the future). Again, from the introductory e-mail sent to our mule:
"IMPORTANT: In the past we registered attempts of fraud and as the amounts of transactions handled by our financial managers are quite considerable, we closely cooperate with the police, FBI, Criminal Police Organization in all the countries of the world. Scope Group Inc. has a security department that supervises such issues. Your every visit on the site is logged by our system and your IP address is saved.
***We recommend to use 2-3 different locations to complete the transaction.
After cash withdrawal you are to make transfer(s) at your local Western Union location(s). Commission (8 %) should be deducted from the received money. WU fees along with all other costs, such as bank fees, transportation costs, etc. are covered by you and are deducted from your commission.
The Sanford mule I interviewed said the bank account she gave the Scope Group to receive deposits was a business account, and that her bank's fraud division closed it immediately after it learned the $9,815 transfer she received was fraudulent. They also changed her business account balance to -$888,888.88, a figure the mule said her bank told her was assigned to accounts as an indication that they are to receive no future debits or credits.
"I had to prove to my bank that I was a victim of fraud," the mule told Security Fix. "I had to fax them the receipts for the wire transfers I sent after I received the money, to prove that I didn't just keep it. They said that since I was the victim of fraud, the bank would normally file an insurance claim, and that's how they would recoup the money."
I should note that because these fraudsters tend to use generic-sounding names for their fake corporations, there are a number of businesses which have names similar to The Scope Group that have nothing to do with the perpetrators of this crime. I spoke with one gentleman from a legitimate Scope Group Inc. in Houston, who said the company had received close to 30 e-mails and phone calls over the past few weeks from curious or angry people wondering whether they were involved in the scam.
September 24, 2009; 3:10 PM ET