On Mystery Shoppers, Money Mules and the Average Time Between Births of a Sucker
I’d just started looking at all the bills from the Australian summer holiday trips, when this amusing email landed in my inbox…
Ladies and gentlemen!
Do you want to combine business and pleasure? Let us pay your purchases you make for us and become a professional “mystery shopper.”
“Mystery shoppers” check clients’ branches in the region and evaluate the service they are offered in the stores. You will check the condition of purchased goods at home and then send your feedback via Internet. The information you provide will help companies to estimate the quality of their service and improve it.
The reason I found the email so funny was the timing. Just a few weeks ago, Cisco released its Annual Security Report for 2010, and one of the more interesting items is around “Money Mules” and their recruitment.
Cybercriminals need to “launder” the money obtained through their criminal activities. This leads to other fraud such as the “Mystery Shopper.” In one scenario, stolen money is transferred to the mule’s bank account who then purchases goods, ostensibly to “estimate the quality of their service.” They are the told to ship the goods on to foreign locations.
In a scam such as this one, the “shipping mule” is often completely unaware of their criminal involvement—until they are contacted by law enforcement. At that point the mule is abandoned. While there are other Money Mule scenarios, the outcome is invariably the same, driving a continuous need for a steady supply of mules.
The risk to employers is similar to older 491 Nigerian emails where employees embezzle money to fund their involvement in the scam. Email spam and security solutions can help flag recruitment emails such as the “Mystery Shopper” one which landed in my inbox—but education is key. As with any con, they are about exploiting our own greed, even when we should know better.
The recruitment of Money Mules is just one of the trends discussed in the report. For more details on what we saw in 2010 and what we can expect for 2011, get the Cisco 2010 Annual Security Report.
Stay mobile. Stay secure.