The government agency that insures US banks has warned its members to be on the lookout for an increase in money mules used to launder money that's been electronically stolen from deposit accounts.

In a memo issued last week, the federal deposit insurance corporation told member banks the mules can often be spotted by common characteristics. The tell-tale signs include:

• someone with a newly opened account who receives unusually large numbers of electronic transfers

• account holders who receive electronic transfers and shortly afterward originate outgoing wire transfers or cash withdrawals that are 8 to 10 percent less (accounting for the mule's commission), and

• foreign exchange students with a J-1 visa and a fraudulent passport who opens a student account that has a high volume of incoming and outgoing electronic transfers</li

"Money mule activity is essentially electronic money laundering," the memo stated. "Strong customer identification, customer due diligence, and high-risk account monitoring procedures are essential for detecting suspicious activity, including money mule accounts."

Over the past few years, cybercrooks, many located in Eastern Europe, have increasingly relied on mules located in the US to receive stolen funds and then funnel the money overseas before the fraud is detected. According to Security Fix, such scams have plundered at least $40m from small- to mid-sized businesses.

In some cases, the mules have no idea that they're engaging in illegal activities. That appeared to be the case two years ago when Ukrainian fraudsters recruited a Texas man with Down Syndrome to deposit money orders received from victims in an eBay scam into his bank account and then wire the majority of the funds using Western Union.

In other cases, mules are aware what they're doing is wrong, but choose to look the other way.

According to the FDIC, the mules are increasingly recruited on job posting websites, social networking sites and through advance fee scams that promise large rewards in exchange for acting as a financial intermediary. Sometimes, when the mules turn wise to the scam, the criminals try to harass or intimidate the mules to keep them from quitting. ®

Related stories

• Money mules are REAL victims of phishing, says Microsoft iconoclast (30 March 2012)

  https://www.theregister.com/2012/03/30/ms_money_mule_victims/

• Money mule scam offers CAPTCHA-protected malware (5 April 2011)

  https://www.theregister.com/2011/04/05/money_mule_captcha_malware_scam/

• FTC kills ingenious micro-payment scam (28 June 2010)

  https://www.theregister.com/2010/06/28/ftc_micro_payment_scam/

• China executes securities trader over $9.52m fraud (8 December 2009)

  https://www.theregister.com/2009/12/08/china_execution/

• Gang sentenced for UK bank trojan (16 November 2009)

  https://www.theregister.com/2009/11/16/bank_trojan_gang_sentenced/

• Next-gen Trojan rewrites bank statements (1 October 2009)

  https://www.theregister.com/2009/10/01/next_gen_bank_trojan/

• 5 men named in racket that netted $4m in stolen card data (1 September 2009)

  https://www.theregister.com/2009/09/01/international_payment_card_ring/

• Kentucky payroll phishing scam nets small fortune (3 July 2009)

  https://www.theregister.com/2009/07/03/kentucky_payroll_phishing_scam/

• Data-sniffing trojans burrow into Eastern European ATMs (3 June 2009)

  https://www.theregister.com/2009/06/03/atm_trojans/

• Card-sniffing trojans target Diebold ATM software (17 March 2009)

  https://www.theregister.com/2009/03/17/trojan_targets_diebold_atms/

• Monster.com suffers database breach deja vu (24 January 2009)

  https://www.theregister.com/2009/01/24/latest_monster_security_breach/

• Cloned US ATM cards: Can they fool Brit self-service checkouts? (29 August 2008)

  https://www.theregister.com/2008/08/29/cloned_us_atm_cards_in_uk/

• Ukrainian eBay scam turns Down Syndrome man into cash machine (8 November 2007)

  https://www.theregister.com/2007/11/08/ebay_victims_track_their_mules/