Before the advent of high-resolution security cameras, dye packs and GPS trackers, criminals would simply walk into a branch, pull out their guns, take the money and escape on their steeds. The criminals have evolved. They would then walk right up to the teller, hand them a note, and walk out with a bag full of money, right past blue-haired grandmothers updating their bankbooks and blue-collared workers depositing their paychecks. Technology evolved. So did the criminals. Now, criminals are robbing banks in even easier ways.
Phishing sites, vishing or smishing phone numbers, card skimmers - these tactics all enable the criminals to acquire the precious details they 
need to defraud financial institutions and their customers of hard-earned dollars without ever leaving their homes. Simply acquiring this information isn't enough for the criminals to start planning their retirement in a non-extradition country - they need someone to actually get the money for them.
Criminals are (typically) quite adept at protecting themselves - whether it be having a safe house, a getaway car, or rigging their hard drives with thermite - to ensure that getting caught doesn't mean hard time. So what is an aspiring fraudster to do these days? Find a Money Mule.
Money mules are typically recruited online, lured unknowingly into the criminal world by the prospect of quick, easy money.
You see the recruiting posts everywhere. Job postings and spam with subject lines of "Work from home!" or "Make $1000/wk CASH!" can seem like a blessing to those desperate in today's harsh economic times.
Once the "employee" (mule) makes contact with the fraudster (who pretends to be a corporation), the mule is instructed to open a bank account exclusively for use by the "corporation." At this point, one of two things happens: either the "corporation" will send the "employee" a legitimate-looking check, or; the "employee" will forward the account details to the "employer", who transfers a modest sum of money - maybe a few thousand dollars - into the account. The fraudster then instructs the mule to withdraw 90-95% of the money. Once the cash is in-hand, the mule is sent to a Western Union office, where they transfer the money back to the "employer", keeping their 5-10% share as their "salary."
Unfortunately, the only real check this mule is going to get is a reality check. The check provided by the "corporation" is counterfeit, but this only comes to the attention of the mule sometime later on, well after the withdrawal and transfer is completed. Once the bank realizes the check is counterfeit, they reverse the deposit, which then brings the account into overdraft, leaving the mule with a fairly significant debt to the bank. When a direct transfer is made into the account by the fraudster, it comes from a compromised bank account. Once the transfer is reported to the originating bank as fraudulent by the account owner, they reverse the transaction, with the same results - the mule is left on the hook for the debt.
This means that the person without a job is now jobless and in debt, the person struggling to get out of debt is now deeper in it, the retiree's pension check just got much thinner. The bank is upset with the mule, the mule is upset with the "employer," and the "employer" is laughing all the way to the bank (for lack of a b 
etter term).
The mule now feels like an ass, having been taken advantage of and victimized as a result of their ignorance and/or greed. To make matters worse, when the "employee" opens an account for their "employer", they are instructed to provide the account details - along with all other common employment information like Social Security/Insurance Numbers, full name/address, etc. to the "corporation". This instantly makes the employee a victim of identity theft, as the fraudster collects this information for sale on the black market (or personal use) later on.
According to the Internet Crime Complaint Center (IC3), money mule handlers have tried to steal $100 million from small- and medium-sized businesses - who knows how much money the mules have lost as a result of these schemes.
Money mule handlers - I'm hesitant to use this term, but the "masterminds" behind these schemes - are good businesspeople. They are only interested in streamlining their business and maximizing their profits. Some are part of larger, real-world criminal organizations/gangs, some operate exclusively in the tubes of the Internet. Regardless, money remains the driving factor, and as banks get hip to the tactics of money mule operations, they begin implementing strategies to prevent their customers from suffering the same credit-score-reducing fate. The handlers pick up on this, and start blacklisting banks - essentially telling the mules where they should be opening accounts.
Throughout our travels around the ‘Net, BrandProtect comes across all kinds of scams and associated data. One juicy tidbit was a list sent around by a mule handler's handler - the person that directs the handlers how to run their "departments" efficiently, and makes executive decisions for the group. So, what's on this list? Well, Dearest Reader, I'm glad you asked. The list contains names of almost 50 U.S. banks that are known to have lax account security in place, idyllic environments for the growth of the criminal's business.
Straight from the file itself: "Ask your clients... to open a Checking account and provide the log in details, such as "User name, Password, the 3 Security Questions and Answers". They should go into the bank and get the account opened. It should NOT be done online. In a state that has more than one bank, please send all the banks to him so that he will choose the one that is convenient for him."
As you can see, this is not the work of a half-baked junkie looking to make a quick score - lots of time and effort has been invested in this, because the perpetrators know the rewards are great.
Are you on the list of banks known by criminals to have lax account security in place? Drop us a line, and we'll let you know.
Co-authored by: Michael Kiefer, BrandProtect