Money Mule Red Flags and How to Spot Them

In this blog, we’ll outline key money mule red flags and how banks can use novel technology to protect themselves and their customers. 

What are Money Mules?

A money mule is a person who, intentionally or unintentionally, gets money from criminal activity and passes it on, getting a small share of it in return. It can also be someone duped into thinking they are applying for a job online. Alternatively, a bad actor can use a romance scam to manipulate victims into moving money on their behalf.

Why Are Young People at Risk of Becoming Money Mules?

Young people are frequently targeted for money mule recruitment. That’s because this group spends considerable time online and is often more trusting of people they meet on social media and other digital channels. 

Plus, most younger people don’t have deep financial resources compared to older adults. Too often, this situation makes them highly vulnerable to money-making opportunities that seem too good to be true (because they are!). As a result, they may hastily dismiss the red flags of a money mule recruitment scheme. Many young people also don’t fully understand the gravity of the crime they are committing, instead seeing it as easy money that doesn’t harm anyone.

Social engineering is one of the critical things about money mules and how criminals are successful. They target vulnerable people who may be eager to make what sounds like easy money.

Students, for example, are at exceptionally high risk because they could be approached at a university by somebody who is in an organized gang. The criminals give them a pitch such as, “Hey, look, we just need to use your bank accounts. You know, small amounts going in and out, and you take a commission. It’s no big deal and easy money for you.” 

Unfortunately, the students won’t realize these seemingly harmless money transfers have serious legal consequences. 

Interpol recently has been running a campaign since August 2022. The campaign “Your account, your crime” is focused on placing the burden of responsibility back onto the individual. The campaign’s goal is to remind people that whether money mules are aware of their crimes or not, they can face serious legal consequences for their participation. 

How Behavioral Biometrics Identifies Money Mule Red Flags

But there’s also the chance that criminals take over a person’s account. For example, the person’s credentials could be leaked on the dark web and compromised without the account owner realizing it.

Using the stolen data, criminals can access the person’s bank accounts and move money in and out without necessarily knowing about it. Unless the account owner reviews their statements regularly, the crime can go undetected for a long time. 

Behavioral biometrics is a powerful technological solution to counter account takeover attacks after leaked credentials. Behavioral biometrics ensures that the person operating the device has built up a profile with the bank for a long time. The technology works by confirming the person’s identity and monitoring how they handle their mobile devices. The technology measures the tilt of the device, how quickly the person types, how much pressure they put on the keypad, or how fast they enter data. These behavioral patterns are challenging to mimic if you’re not that person. 

Money Mule Red Flags for Banks to Monitor

While it’s a challenge for a bank to spot a money mule, there are several red flags banks can monitor.

Track Known Transactional Activities

The first one is to monitor an existing account’s transactional patterns. Do the customer’s activities fall out of the norm of how they usually behave? Understanding the CDD profile and the bank account’s original intentions is critical and may require tuning your transaction monitoring systems.

For example, your bank may start seeing an account make international transfers, which the customer was not using or used very infrequently. This is a red flag for money mule activity.

Watch for Money Mule Commissions

Banks can also monitor if customers collect a commission related to suspicious or criminal activity. Let’s say the customer earns a commission for funds coming in and going out. The amount retained in the account is 10, 12.5, or 15% of the total. This is a red flag that strongly indicates the customer is taking a commission off the funds. 

This is especially concerning when you think about the rapid movements of funds. When payments come in, 10% gets taken off, and then a transfer goes out within a very short period. 

Look at Known Money Mule Data

Banks can also protect themselves by looking for more novel sources of known mule account information. This includes looking on the dark web, where credentials of individuals and known account takeovers have been published. Banks can use that information as part of the inbound payments stoppage process. 

The information can also support anti-money laundering (AML) and transaction monitoring investigation processes. 

What if a mule is identified outside the organization, but it’s trying to get into the organization, or vice versa? Banks can use novel techniques like link analysis to understand those payment flows and other potential accounts that may be compromised or part of a more comprehensive network. 

New legislation will go into effect in the UK next year, holding financial institutions liable for fraud coming in and moving out of their organization. With the money mule threat rising, banks must carefully consider if their defenses can identify critical red flags to identify money mule activity.