NEW COVID-19 CYBER FRAUD – CREATING MONEY MULES
In the last week, the Federal Bureau of Investigation (FBI), Department of Health and Human Services (DHHS), and the Department of Justice (DOJ) issued additional warnings concerning coronavirus cyber scams. In addition to the sale of faux vaccines and treatments for coronavirus, the FBI, DOJ, and DHHS reported the following types of schemes:
Phishing emails from bad actors posing as the WHO or CDC;
Malicious websites and apps with official-sounding names that purport to share coronavirus information to gain access to and lock devices in exchange for ransom payments;
Bad actors posing as charities seeking donations or falsely claiming 501(c)(3) status; and
Dodgy medical providers obtaining patient information for COVID-19 testing and fraudulently billing for unperformed tests and procedures.
In a novel and terrifying twist, Brian Krebs recently reported that cybercriminals have graduated to money laundering schemes as furloughed and laid-off employees look to work from home. Krebs uncovered the story of a bitcoin launderer that poses as a nonprofit middleman for coronavirus relief funds and turns unassuming telecommuters into “money mules.” Named “Vasty Health Care Foundation,” the website detailed false international funding efforts and how it connected donors with charities. According to Krebs, almost all content for the Vasty website came from globalgiving.org, a legitimate organization.
So how does an unsuspecting job applicant get lured into money laundering? Once an applicant applies for and accepts a position with Vasty, Vasty immediately starts its employees on fact-finding missions within their immediate locations. New employees are tasked with pricing basic medical supplies such as face masks, aspirin, and hand sanitizer and preparing a report on the findings. Although seemingly menial, these reports help the predators determine which employees will diligently follow instructions.
After completing a few reports, the employee is then asked to process a donation for coronavirus relief efforts using Bitcoins. Based upon emails and files from Krebs, Vasty would tell its employee the following:
“The donor requests that Bitcoins be bought with his funds. For this task, you need to create your Bitcoin wallet, or use the QR code that we send you in this letter. You will receive from the donor up to 3000 CAD. Your commission up to 150 CAD will be included in this amount to cover your expenses. I remind you that you do not need to use your funds to buy bitcoins. The funds will be sent to you. You will need to receive cash atm or at your bank branch.”
Vasty then sends the employee an electronic money transfer. The employee is told to withdraw the cash and to keep a certain remaining amount for him/herself. The employee then deposits the withdrawn funds into a Bitcoin ATM using the QR code that Vasty emailed, and the funds are sent directly to the scammers’ bitcoin wallet. Krebs further reports that “the funds that get deposited in the employee’s account are invariably stolen from other hacked bank accounts, and the employee is merely helping the crooks launder the stolen money into a form of payment that can’t be reversed.” Vasty even provides guided statements for employees to give to bank employees should questions arise.
Money mule scammers traditionally hack employer accounts at job recruitment sites such as Monster.com, indeed.com, and hotjobs.com, offering employment terms that are too good to be true. Their interviews are sometimes conducted via chat or Skype using a still photo instead of live video. And while unsuspecting employees are undoubtedly ignorant of their own or their employers’ crimes, individual state laws and law enforcement agencies may not find such ignorance totally excusable.