Rising COVID-motivated Mule Fraud Threats: What can Banks do about it?

Rising COVID-motivated Mule Fraud Threats: What can Banks do about it?

Every year, banks shut down tens of thousands of accounts for suspected fraudulent practices. A substantial chunk of these accounts is suspected to be mule accounts and conventional anti-mule fraud systems have had little impact to stop the problem. Whether as complicit players or as victims, money mules are now also laundering funds for organized COVID motivated financial crimes. With the virus continuing to provide opportunities for fraud and money laundering, banks must boost their monitoring and investigation capabilities to counter this growing threat.

Rising COVID-motivated Mule Fraud Threats: What can Banks do about it?

Image courtesy: Freepik

COVID continues to be in the news and it seems it will be a while before it completely disappears. Meanwhile fraudsters have been taking advantage of the socio-economic conditions triggered by the pandemic. Mule fraudsters in particular have been making hay while the virus shines.

In an operation conducted between mid-September and end-November 2022, the European Money Mule Action tracked down 8755 money mules, 222 money mule recruiters and arrested 2469 individuals world-wide. Involving 25 countries, the op identified 4089 fraudulent transactions and prevented USD $18.7 mn from being laundered by money mules.

Uncertainty caused by COVID and other macro-economic factors, rapid growth of faster payments and extensive digitalization have all contributed to increasing vulnerabilities to scams with more newer channels for fraudsters to exploit.

In the first half of 2022 the UK experienced a spike in online user generated posts encouraging people to become money mules. With over USD $739.5 mn lost to fraud and scams during the period, fraudsters have been exploiting the situation using a variety of tactics, including using money mules to launder funds. (UK Finance)

What is a Typical Money Mule MO?

Mules (people recruited to deposit illicit money into their bank accounts but masked as regular financial activity) are usually unaware that they are handling illegal funds. The term is a derivation of ‘drug mule’ – someone who transports narcotic substances across borders.

Recruiters convince mules that the activity is legitimate work for legitimate business and there’s also a reward for their ‘services’.


A person receives a communication apparently from a trusted source (i.e., their bank, a new acquaintance, the government, a health organization or their child’s educational institution) requesting personally identifiable information (PII); the communication has a link in which the customer is asked to provide their PII.

When they click the link, they’re taken to fraudulent online resources where they end up divulging their PII.

Mule recruiters enlist their mules online via dating sites, email, popular social media platforms, get-rich-quick advertisements, etc. grooming and convincing their victims to open bank accounts under the pretext of ‘helping’ send or receive funds.

Fraudsters (often those who have gained illegal access to business or consumer bank accounts) tend to recruit money mules via phishing emails, text messages, chat messages or social media messages.

Besides Good Samaritan and romance baits, money mule scammers also use work-from-home schemes to entice victims to open new bank accounts that can then be used to move laundered funds.

Fraudsters have been exploiting these vulnerabilities and increasingly leveraging faster payment options to launder money.

Banking on COVID to Target Unsuspecting Banking Customers

Besides the known types of money mules (Unwitting, Willing, Complicit), the pandemic has created a new type of mule – the ‘unwitting-willing’. This new mule variant is eager to help others overcome their financial distress during the crisis, unaware of the risks involved.

Types of Money Mules

Victims of money mule scams can be individuals or businesses including financial institutions. Some of the fictitious scenarios that fraudsters create to gain trust during the pandemic:

  • Claiming that they are citizens quarantined overseas, requesting money to help them out.
  • Claiming that they are citizens or service staff members working abroad, wanting to send or receive money on their behalf to help a family member battling COVID.
  • Claiming to be a member of a medical organization and wanting to send or receive money on their behalf to help those in need.
  • Claiming to be affiliated to a charitable organization and wanting to send or receive money on their behalf to help those in need.

Detecting Mule Scams in Banks

Traditional anti-mule fraud management such as monitoring, reactive remediation and preventive controls are not enough during the new normal.

  • Monitoring helps identify suspected mule accounts – a key factor in any anti-money laundering system – but it doesn’t deter mule activity.
  • Reactive remediation is when a bank shuts down accounts identified as mule accounts. While this is essential, it is only a basic deterrent.
  • Preventive controls block known fraudsters from opening or operating accounts, but its effect on money mules is moderate, and it doesn’t impact COVID-motivated unwitting mules or regular unwitting mules.

However, there are certain measures that banks can implement to counter the threat.

Being Completely In-The-Know About Customer Activity

A stringent due diligence process involves identifying account owners and legal beneficiaries before the start of a business relationship. This helps reduce the risk of exposure to money mules vastly. If identification processes are lenient, then subsequent monitoring of transactions may not be able to identify individual suspicious activity effectively.

Vital therefore to utilize every chance to update customer information to consistently retain high monitoring standards. Documentation must be reviewed regularly and updated automatically when there are changes in address or jobs or personal status. Identification of suspect transactions based on customer information, helps trigger prompt enquiry. So, a strong KYC / KYCB record maintenance foundation and practice helps.

While the primary responsibility for identifying suspicious transactions lies with the bank staff processing or checking items, banks should, as an additional safeguard, have in place intelligent real-time, cross-channel technology for suspect behaviour that can be inspected and investigated instantly.

More Closer Monitoring of Suspect Transactions

Account monitoring on an ongoing basis is critical to ensure that bank accounts are reviewed for unusual and suspicious activity. The bank should be aware of high-risk transactions in these accounts, e.g., activity that has no business or apparently lawful purpose, funds transfers to and from higher-risk jurisdictions, currency-intensive transactions and frequent changes in ownership or control of a non-public business entity.

If a customer who claims to be working with an online firm or a money transfer agent receives multiple cash deposits into his / her account, and those funds get wired out shortly thereafter, the bank must verify the purpose of the transactions as well as the actual business of the majority of the beneficiaries.

The bank’s fraud risk team must also ensure that the automated monitoring systems record not just the amount and date of a transaction, but also the identity or geographical location of the persons sending / receiving the wire transfers. Not doing this could lead to a situation where the bank is unable to identify and investigate potentially suspicious transactions based on critical risk factors, such as jurisdiction and the potential involvement of PEPs (politically exposed persons).

Observing the Country of Origin

Banks may be able to detect informal value transfers involving unwitting participants by paying close attention to the country of origin of the money in question.

These funds are likely to originate from the domicile country of individuals who have been indicted by the US DoJ for romance scams and / or from countries with low Corruption Perceptions Index (Transparency International) scores.

A few years back, the DoJ had indicted 80 individuals for executing a massive business email scam and money laundering scheme valued at approximately $3 bn. In this case, the nationalities of the indicted persons should have raised red flags and prompted the bank’s fraud risk officers to question the customers involved about the purpose of the transactions and the sources of funds.

Since the customer is unlikely to be aware that he or she is laundering money, they should be able to provide valuable information to their bank. E.g., the customer may inform the bank that the funds are coming from a high-risk country and that he or she was asked to provide the account number so that individuals in that country can transfer funds to the account domiciled in the US.

The money mule might also tell the bank that the funds are for investing in a profitable business. The bank must inquire further into the nature of the business, including any relevant addresses. After investigation, if a bank suspects that the funds are proceeds of criminal activity, the bank must file an STR (Suspicious Transaction Report).

Checking Where the Money Is Headed

Fraud risk / compliance officers can identify money mules by scrutinizing where the money is being sent. Illicit funds are quite likely to be transferred to countries with low scores in the Financial Action Task Force’s (FATF’s) Mutual Evaluation Reports. When a bank discovers that funds are moving to geographies having weak AML systems and controls, red flags should be instantly raised and the customer must be asked about the source of the funds and the purpose of the transactions.

Monitoring High Net Worth Customers

Criminal networks convince high value bank customers with accounts in US or UK banks to create shell companies and trusts as ‘legitimate’ activity. The illicit funds may have already been deposited into the account of the high value mule by another victim who is part of the larger operation. This modus operandi masks the beneficial owner of the account with a shell firm or another legal entity. Shell companies or PICs (Private Investment Corporations) typically operate from countries that are renowned secrecy havens.

When such dynamics are at play, it becomes important for the bank to (a) establish the legitimacy of transactions and (b) be able to follow the trail to determine the identity of the UBO (Ultimate Beneficial Owner).

Just like any other pre-meditated financial crime, money mule fraudsters plan and coordinate their moves very carefully. For detecting suspicious patterns, banks must aim to gain a holistic, enterprise-wide, contextual picture, instead of siloed, channel-centric views.

Creating detailed and holistic data viewpoints and strategies help create an effective money mule strategy. Also, AI and ML-based analytics enables monitoring transactions on an exponentially greater scale with far lower false positives.

Subscribing to research insights that profile potential mule fraud victims by demographics and psychographics also helps. This enables ‘intelligently’ discovering insights and elusive trends that would have been otherwise difficult to spot.

Money mules used to be seen as small-time felons, transferring small amounts. Organized, sophisticated money mule schemes of the day have become a professional money laundering mechanism.

“Money mules are an essential part of organized crime and international fraud schemes, be it a romance con, business email scam, or a work-from-home ploy.” (FATF)

Whether as complicit players or as victims, money mules are now also laundering funds for organized COVID-related crime.

Every year, banks shut down tens of thousands of accounts for suspected fraudulent practices. A substantial chunk of these accounts is suspected to be mule accounts and conventional anti-mule fraud systems have had little impact to stop the problem. With the pandemic providing more opportunities for fraud, banks must now consider boosting their real-time, enterprise-wide monitoring and investigation capabilities to counter this growing threat.

Ujjivan SF Bank Fortifies Fraud Risk Management Enterprise-wide with Clari5

Being the epitome of what symbolizes a small finance bank, with a modest microfinance background and having a ‘bottom of the pyramid’ customer segment, Ujjivan required a strong solution against fraud headwinds. The bank required a proven real-time, cross-channel fraud management solution to combat existing and evolving fraud patterns across customer accounts, products, channels, staff and geographies to synergize with growth. Read how Clari5’s real-time, cross-channel capability helped Ujjivan SFB strengthen its anti-fraud defenses.

Unified, Real-time Fraud + Anti-Money Laundering (FRAML) for a World of Growing Faster / Real-time Payments

The rise of digital banking, faster / real-time payments and open banking have also created one of the biggest pain points for the banking industry – real-time fraud. Newer threats and an ever-changing regulatory landscape now demand more robust processes and innovative approaches to combat financial crime, while delivering frictionless customer experiences. Converging real-time Enterprise Fraud Management and real-time AML into a singular holistic unified real-time Fraud Risk + AML (FRAML) Compliance platform can deliver powerful benefits to Financial Institutions.