Last week, the Visakhapatnam cybercrime police busted a gang involved in funnelling about Rs35 crore to Rs40 crore through mule bank accounts. The gang of four lured unemployed youth with the promise of jobs and high salaries. Their Aadhaar cards and permanent account numbers (PANs) were collected and the identity documents were used to open bank accounts in the names of these job-seekers; they were also shown as directors of bogus/ shell companies. These mule accounts were sold to cybercriminals to route money.
Nationwide raids by the Gujarat and Andhra Pradesh police have recently revealed the creation of illegal digital payment gateways using such mule or rented accounts. Such illegal infrastructure facilitates the laundering of cybercrime proceeds which require funds to be transferred through a series of accounts to obfuscate the money trail.
Some payment gateways identified during the raids were PeacePay, RTX Pay, PoccoPay and RPPay. These gateways apparently offer money laundering as a service and are operated by foreign nationals.
The rapid increase in the use of mule accounts and illegal digital payment gateways by cybercriminals prompted the Indian Cybercrime Coordination Center (I4C), under the Union ministry of home affairs (MHA), to issue an alert against illegal payment gateways and the use of mule bank accounts by cybercriminals with transnational operations.
An analysis of such information by I4C reveals that cybercriminals are constantly scouting current and saving bank accounts through social media, mainly from Telegram and Facebook – they include mule accounts linked to shell companies and are controlled from abroad. The illegal payment gateway used to create such accounts is hired to criminal syndicates, enabling them to accept deposits on illegal platforms like fake investment sites, offshore betting and gambling websites and fake stock trading platforms.
As soon as money flows into such accounts, it is immediately transferred out through layered transactions. These criminals also misuse bulk payout facilities provided by banks to transfer the crime proceeds.
Cybercriminals either 'buy' or 'rent' mule bank accounts from 'agents' or directly recruit individuals (called 'money mules') to use their bank accounts for transferring money obtained from scams, frauds, or other criminal activities. This allows criminal gangs to distance themselves from the money trail, making it harder for law enforcement agencies (LEAs) to track down the ultimate perpetrators. Money mules might be unwitting participants or complicit in the scam.
For recruiting money mules, cybercriminals use phishing and lure with jobs, romance, bumper returns on investments and fake sweepstakes or prize notifications.
Cybercriminals often pose as employers or charitable organisations in emails, job postings, or social media ads. They offer 'work-from-home' positions or ask for help transferring funds through the money mule's bank account.
Scammers build fake relationships with victims and convince them to receive or move funds through the bank accounts under emotional pretences.
Fraudsters also promise high returns on investment schemes and request bank account details for 'fund transfers' or crediting the 'interest'.
In fake sweepstakes or prize notifications, money mules are told they have won a prize and must handle the funds, sometimes sending money abroad to claim the 'award' or 'reward'.
I4C has advised citizens not to sell or rent their bank accounts or company registration certificate and Udhyam Aadhaar registration certificate to anyone. "Illicit funds deposited in such bank accounts can lead to legal consequences, including arrest. Banks may deploy checks to identify misuse of bank accounts that are used for setting up illegal payment gateways," it says.
Given the serious consequences for money mules, it is critical for every bank account-holder to remain alert and avoid sharing details with anyone, especially unknown people or those they recently met on social media.
While there is no alternative for remaining alert and protecting personal details, including banking details, here are a few suggestions to help you avoid becoming a money mule...
1. Verify job offers: Be sceptical if anyone contacts you with a job offer that involves financial transactions or sharing bank details. If it is an agency or company, look up their official website and contact them through official channels. For individuals offering a 'too good to be true' job, simply disconnect.
2. Look out for red flags: Offers with high pay for little work, requests to use your bank account, or unusual requests to transfer money are warning signs.
3. Be cautious with online acquaintances: Avoid sending or receiving money on behalf of someone you met online or through social media, especially if you have never met in person.
4. Understand the legal consequences: Remember, transferring money for someone else, especially without knowing the origin, could make you an accomplice to criminal activities. Your accounts could be frozen and you may end up behind bars.
5. Check with your bank: If you are approached by someone asking to use your account, discuss it with your bank's fraud reporting department. They can provide you advice on identifying potential scams.
If you think you may have unwittingly participated in a money mule scam, it is essential to immediately notify your bank and local police or LEAs. Acting quickly can prevent further use of your account in criminal activities and can help you avoid legal repercussions.
How to report cyber fraud?
Do report cybercrimes to the national cybercrime reporting portal
http://cybercrime.gov.in or call the toll-free national helpline number, 1930. To follow on social media: Twitter (@Cyberdost), Facebook (CyberDostI4C), Instagram (cyberdostl4C), Telegram (cyberdosti4c).
If the fraud is related to your bank account, you need to immediately send an email to the official email ID of your branch (you can find it on the bank's website or your passbook) with a copy to the bank's customer care. Even if you have called the official number for customer care, you must still send an email describing your conversation with the bank executive, along with the time, date, and duration of the call. This will be helpful if you face a liability issue with the bank.