The increase in financial malware is the result of the increasing criminalization of cyberspace, with malware being used to make money. In addition to stealing funds, cyber criminals need a method for accessing these funds. Obviously, the criminals can't transfer stolen money to their own accounts as this would make them easily identifiable and significantly increase the risk of arrest and prosecution. Banks have responded to the increased number of attacks by investing more time, money and effort into developing mechanisms for detecting fraud and illegal activity. One safeguard is for an alert to be triggered if a large amount of money is transferred to a 'suspicious' region of the world.
In order to sidestep this, cyber criminals have taken to using 'money mules'. Mules are often recruited via seemingly legitimate job offers – for instance, the cyber criminals might advertise for a 'financial manager'. If the would-be mule accepts the offer s/he is likely to receive official looking documents to sign to make it all seem legitimate. The mule makes his/ her bank account available to receive transactions, and then transfers 85% - 90% of the money onwards via a service such as MoneyGram or E-Gold. Such services are used because they guarantee anonymity, reducing the likelihood that the cyber criminal will be caught. The remaining funds are the mule's 'commission' – naturally money which has been earned illegally via phishing or financial malware.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.