Title :
Phishing and money mules
Author :
Florêncio, Dinei ; Herley, Cormac
Author_Institution :
Microsoft Res., Redmond, WA, USA
Abstract :
Data breaches, phishing and spyware have compromised millions of end-user records and credentials. Mules are the preferred means for draining compromised accounts. These are unwitting accomplices who provide a stepping stone between the victim account and the attacker. The key role they play is to turn reversible traceable transactions into irreversible untraceable ones. This, together with the fraud protections enjoyed by US banking customers, generates some surprising findings. First, it is the mule´s money not the victim´s or the bank´s money that the attacker steals. Second, mule recruitment and not credential theft appears the true bottleneck in online fraud. Third, this suggests an explanation of why stolen credentials sell so cheaply: there is a shortage of mules.
Keywords :
bank data processing; computer crime; personal computing; transaction processing; unsolicited e-mail; US banking customer; credential theft; data breach; end user record; fraud protection; money mule; mule recruitment; phishing; reversible traceable transaction; spyware; Authentication; Banking; Face; Investments; Recruitment;
Conference_Titel :
Information Forensics and Security (WIFS), 2010 IEEE International Workshop on
Conference_Location :
Seattle, WA
Print_ISBN :
978-1-4244-9078-3
DOI :
10.1109/WIFS.2010.5711465
