…cybercrooks are almost certain to have more than their usual share of recruitable “money mules” — people who get roped into money laundering schemes under the pretense of a work-at-home job offer.
Link: https://krebsonsecurity.com/2020/03/coronavirus-widens-the-money-mule-pool/
Summary:
- Original article by Krebs On Security, which also credits similar investigations by Hold Security.
- The article fundamentally highlights how cybercrooks are taking advantage of the current COVID-19 pandemic by exploiting people's goodwill to use them as money mules.
- This is demonstrated by detailing an example campaign which uses a website, Vasty Health Care Foundation, run by cybercriminals to recruit unsuspecting money mules.
- “The “Vasty Health Care Foundation” is one of several fraudulent Web sites that recruit money mules in the name of helping Coronavirus victims.”
- Fraudulent websites claim to fund relief efforts and connect donors, nonprofits, aid charities etc.
- Websites themselves appear legitimate and of good quality, but are almost carbon-copies of real aid agencies such as GlobalGiving.
- Hold Security intercepted threat actor communications and discovered boilerplate job descriptions used for hiring "employees" for the fake aid agency.
- The jobs described are menial and designed to make the role feel legitimate.
- The new hires are inevitably asked to process “donations”, which is where the muling occurs.
- The victim processes the funds, typically via bitcoin, and receives commission on a percentage of the transaction.
- The jobs are posted by the threat actors on legitimate hiring websites such as monster.com, indeed.com, hotjobs.com, and others.
- Advice is not to jump at unsolicited job offers over email that seem too good to be true, and to scrutinise companies offering these compelling Coronavirus-related job offers, even on legitimate websites.
Extracted IOCs & Artefacts:
- vastyhealthcarefoundation[.]com