A group of criminals using the popular Zeus banking Trojan have started advertising for accomplices, displaying ads for job scams whenever the victim visits a popular job site, financial security firm Trusteer said on 13 June.
Typically, victims whose computers are infected with Zeus have to worry about their bank accounts being drained. Yet if a victim visits the popular job site CareerBuilder.com, some variants of Zeus will also display an advertisement for a job with a fraudulent company, Trusteer stated in a blog post.
In reality, the job is to help criminals transfer stolen cash to another country or cash out goods bought with stolen funds – in other words, a “money mule”. Finding people to help – usually unwittingly – is an ongoing challenge for criminals, but a critical need.
Without money mules, cyber-criminals would have a very hard time moving stolen money, Etay Maor, fraud prevention solution manager with Trusteer, told eWEEK.
When cyber-criminals compromise a consumer’s computer and access his or her bank account, they need somewhere to transfer the money. Most often, they transfer it to the accounts of one or more money mules, who then transfer it to an offshore account.
When law enforcement track down the money mules, the criminals have typically already broken contact with them and so cannot be tracked.
While some people become money mules knowingly, most are people looking for work or hoping for easy money. Advertisements for “mystery shoppers”, “work-at-home accountants” or “financial managers” are typical ways that criminals lure people looking for an easy paycheck.
While consumers are wary of email advertisements for such positions, an advertisement on a job site will generally appear much more reliable. Without money mules, the transfer of the funds stolen through the takeover of bank accounts and other types of fraud would not be possible.
US citizens reported nearly 290,000 cases of fraud in 2012, costing them more than $525 million (£334m), according to the Internet Crime Complaint Centre (IC3), which processes fraud claims for the US Department of Justice.
The Citadel botnets – recently taken down in a worldwide seizure led by Microsoft – are responsible for more than $500 million in bank fraud in the past two years, according to financial firms.
Yet, as more consumers hear of the fraudulent scams, criminals are having a harder time finding money mules. To recruit more mules, novel techniques will be required, Maor said.
“By using CareerBuilder as a platform, the Zeus operators maximise their outreach to potential mule targets,” Trusteer stated in its blog post. “Because this redirection occurs when the victim is actively pursuing a job, in this case with CareerBuilder.com, the victim is more likely to believe the redirection is to a legitimate job opportunity.”
Are you a security pro? Try our quiz!
Originally published on eWeek.
Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…
Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…
Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…
Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…
Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…
Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…