Cybercrooks lure citizens into international crime
Date: October 20, 2005Source: USA Today
By:
GRASS VALLEY, Calif. — To Karl, a 38-year-old former cabdriver hoping for a career in real estate sales, the help-wanted ad radiated hope.
The ad sought "correspondence managers" willing to receive parcels at home, then reship them overseas. The pay: $24 a package.
Karl applied at kflogistics.biz, a fraudulent Web site imitating a legitimate site.
e quickly received an e-mail notifying him he had landed the job, followed by instructions on how to take receipt of digital cameras and laptop computers, affix new labels and "reship" the items overseas. Easy enough.
Within weeks, he had sent off six packages, including digital cameras and computer parts, to various addresses in Russia. Little did Karl know he had become an unwitting recruit in a growing scheme to assist online criminals, the latest wrinkle in digital fraud that costs businesses hundreds of millions of dollars a year.
Before long, Karl began to feel like Sydney Bristow from the TV show Alias, who wrangles her way through dealings with the Eastern European underworld. (Fearing possible retaliation, Karl asked that his real name not be used for this article.)
One day, a $4,358 electronic deposit appeared out of nowhere in Karl's online bank account, followed by e-mail instructions to keep a small amount as pay and wire the rest to Moscow. Then he began receiving account statements intended for online banking customers from across the USA. Someone had changed the billing addresses for stolen credit cards and bank account numbers to his residence in Grass Valley.
One of the letters was intended for 28-year-old Ryan Sesker of Des Moines, letting him know that his credit limit had been raised to $5,000 — a request he never made. Around the same time, a USA TODAY investigation found, someone accessed Sesker's online banking account and extracted $4,300.
"I thought I could work a few hours a day and make a couple hundred bucks, not get sucked into something out of Alias," Karl said later, sipping a cup of steamed milk in a sleepy cafe.
What Karl had become, in fact, was a "mule."
Karl and other ordinary citizens are being widely recruited by international crime groups to serve as unwitting collaborators — referred to as mules — in Internet scams to convert stolen personal and financial data into tangible goods and cash. Cybercriminals order merchandise online with stolen credit cards and ship the goods overseas — before either the credit card owner or the online merchant catches on. The goods then are typically sold on the black market.
Mules serve two main functions: They help keep goods flowing through a tightly run distribution system, and they insulate their employers from police detection.
To document what such a mule goes through, USA TODAY spent five months pursuing leads from law enforcement officials, tech security experts and Internet underground operatives. The probe uncovered fresh evidence detailing how organized crime groups, such as the one that enlisted Karl, operate quietly at the far end of the cybercrime pipeline. (International scam: An inside look at a Nigerian reshipping ring)
Savvy thieves often keep such rip-offs below $5,000 to avoid detection from bank monitors and the FBI. But cumulatively, the thefts reach into the hundreds of millions of dollars.
While e-mail phishers, hackers and insider thieves grab notoriety for stealing personal and financial data, these reshipping groups put the stolen IDs to use. Security consultant eFunds estimates that reshipping rings set up nearly 44,000 post office boxes and residential addresses in the USA as package-handling points in 2004, up from 5,000 in 2003. And they show no signs of slowing down.
Add comment Email to a Friend