Wanted: money launderers in Canada

Filed Under: Phishing, Spam

One of my favorite things about having a blog at Sophos is the opportunity to share the stories that we research related to cybercrime. I was doing some work today in SophosLabs and stumbled upon an email trying to recruit so-called "money mules." Not highly unusual, except for one thing. . . It was targeted specifically at Canadians.

Last week at RSA 2010 the US Federal Deposit Insurance Corporation (FDIC) presented the frighteningly large numbers of small and mid-size businesses being robbed through compromise of their online banking credentials. Brian Krebs published a great blog showing that more than twice as much money is being stolen online from banks (and their customers) than through the traditional gun/threat/bag of money method.

Spam message

"Hi, we have a job offer available for CANADIANS ONLY."

Read: We have stolen a bunch of money from Canadians and need you to help us move it.

"we have funds coming from my clients that needs to be received in Canada.
This is in view of our not having a branch office presently in Canada.
We are currently facing some difficulties with receiving payments for our services."

Read: We are Russian and cannot transport large sums of money without setting off alarm bells. Can you take a small part in our effort?

"It usually takes us 10-30 days to receive a payment and clearing from your country
and such delays are harmful to our business, thats why we need Payment Officers in Canada."

Read: We have to move it fast before the people we stole it from notice.

"You do not need to have an office and you will have a free time doing your permanent job,
you will also secure a good income during the process."

Read: Lots of money, little time, super easy... It's the hallmark of a scam, the too-good-to-be-true offer.

"You will be entitled to 10% of whatever amount you received from customers on behalf of the company plus basic salary of 2150$ a month.

If you are interested in our proposition, we are ready to provide you with more detailed information."

Cartoon holding hand out for no comment
Dutifully I attempted to reach Mae, but as usual she was unavailable for comment.

Many people are unaware of the additional protection afforded to consumers by American banking laws. Consumers have 30 days to dispute a transaction and the banks will refund money that has been fraudulently withdrawn.

Business accounts have become the choice among criminals because in most jurisdictions the victim has only 48 hours, or must report the fraud before the money arrives at its final destination. The business must also be compliant with bank terms of service requiring them to properly protect their systems against malware, keyloggers, trojans, and other shenanigans.

Who is behind this attack? It would appear, as is all too often the case, that the domain registered to receive your reply is hosted in Russia, and registered to a Russian as well.

whois records for domain

In addition to keeping our systems free of malware, we need to be socially aware and remember the old axiom: "If it sounds too good to be true, it is." Social engineering is a major component in almost all modern scams, and if we can break the chain of fraud, deceit, and vulnerabilities we can make it too expensive for these con artists to operate.

Would you share your banking information with these people?

Creative Commons image "No Comment" courtesy of BrotherM's Flickr photostream.

, , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.