Before I get started with the Money Laundering Phishing scam, you must first understand customer vigilance. Customers can take a number of steps to avoid becoming a victim of a phishing attack. These steps involve inspecting the content that is presented to them and questioning its authenticity. General vigilance includes:
• If you get an email that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm billing information, do not reply or click on the link in the email. Instead, contact the company cited in the email using a telephone number or Web site address you know to be genuine.
• Never respond to HTML email with embedded submission forms. Any information submitted via the email (even if it is legitimate) will be sent in clear text and could be observed.
• Avoid emailing personal and financial information. Before submitting financial information through a Web site, look for the “lock” icon on the browser’s status bar. It signals that your information is secure during transmission.
• For sites that indicate they are secure, review the SSL certificate that has been received and ensure that it has been issued by a trusted certificate authority. SSL certificate information can be obtained by double-clicking on the “lock” icon at the bottom of the browser, or by right-clicking on a page and selecting properties.
• Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
Money Laundering Job Scams
Given the success of phishing scams in obtaining personal financial information from their victims, Phishers have needed to develop follow-up scams in order to safely transfer stolen monies out of the accounts and the country. An increasingly popular method of accomplishing this is through fake job scams. For those not aware of what we are talking about, here’s how these job scams work.
• The Phishers exploit a number of bank accounts via standard phishing attack vectors.
• They then have the problem of getting the money out of those accounts, as most Internet banking facilities do not allow direct transfers to overseas accounts.
• A common way to avoid these restrictions is through job scams. Phishers offer these “jobs” via spam emails, fake job advertisements on real job websites or instant messaging spam.
• Once the Phishers have recruited a “mule”, the mule is instructed to create a new bank account with the exploited bank (or use their existing one if they are already a customer) where the Phishers have exploited accounts in the past. The Phishers then remove money from the exploited accounts and put it into the mule’s account.
• The mule is told this is a payment that needs to be transferred and is asked to withdraw the money, minus their “commission”, and typically wire it via services such as Western Union to a European/Asian country.
• The Phishers now have the majority of the money from the original exploited accounts, and when the money is traced by the banks/police, the mule is left accountable.