Money mules recruit for Zeus botnet through bogus job ads

Money mules, who launder money obtained through the Zeus criminal network, are recruited through legitimate-looking job advertisements, such as “payment processing agent”, “money transfer agent”, and “administrative representative”, the Fortinet warned in its October 2010 Threat Landscape report.

A recent money mule recruitment email that Fortinet discovered began the subject line with "Re: CV". The body of the email offered the recipient an "administrative representative" position for a proposed salary of €5,000 per month plus commission. One of the listed job duties was to "administer day-to-day financial responsibilities for clients", as well as prepare weekly financial reports.

"The majority of opportunities we're seeing today offer prospects roughly 10% commission for any transfers they make. With a few simple clicks, a $10,000 transfer could net the mule roughly $1,000", said Derek Manky, project manager for cybersecurity and threat research at Fortinet.

Fortinet offers the following advice to avoid becoming a money mule: be wary of job opportunities that promise great rewards with little or no work experience; watch out for vague or unclear job descriptions, do not agree to do work that involves money transfers from overseas, and do not provide personal information such as bank a account number.

In addition, the report provides various information security statistics. For example, the US ranks number one in the volume of distinct malware reported in October, with 42%. Distinct malware volume indicates the amount of unique virus names (variants) that has been detected in a given region, as opposed to total malware volume, which indicates the accumulated amount of all reported incidents. Japan ranks second with 40.1%, followed by France with 26%, India with 16.1%, and China with 15%.

What’s Hot on Infosecurity Magazine?