Money MulesMoney Mule

by John Bandler

Money mules are used by cybercriminals to make cybercrime happen and launder stolen funds. Don't be a money mule or send to a money mule.

In sum

Most cybercrime is ultimately about theft, sometimes indirectly. Some cybercrime is direct theft, stealing funds and misrouting funds. To steal and misroute funds, cybercriminals need a "money mule". They need someone who will receive those stolen funds and then forward them along, so that they eventually reach the cybercriminals and associates.

  • Don't be a money mule.
  • Don't send funds to a money mule.
  • Don't forward funds transfer instructions involving money mules.

Why cybercriminals need money mules

Cybercriminals use money mules because they don't want to be caught and they want to be successful.

First, cybercriminals would never want fraud proceeds going directly to their own personal account because they would get caught! So they need to disguise and layer where the money goes, that's essentially money laundering. The funds will go many different places and many ways until it finally reaches the cybercriminals, many people providing different services and work and expertise to make the theft happen.

Second, cybercriminals want to be successful. Often, they are located in another country. They know that funds transfer instructions going direct to their country might be looked at with suspicion. So they need a money mule within the United States to make the fraudulent funds transfer instructions seem believable.

They also need a steady supply of money mules. For certain frauds, a money mule account is only good one time. Then the banks finally get wise and shut that account down.

Who are money mules?

There are a lot of types of money mules. I categorize them into three basic categories:

  • Totally unknowing
  • Sort of unknowing
  • Accomplices to the fraud

Of course, it can be hard for one person to completely judge what another person really knows or intends (that challenge is a critical part in the criminal justice system).

Here is some more information:

Unknowing money mules

  • Attorneys are regularly solicited to become unknowing money mules.
  • Other people looking for work are also regularly solicited
  • They are hopeful, looking for work, clients, fees, and genuinely believe the story they are told about why they are receiving funds and then forwarding them.

"Sort of knowing" money mules

  • Someone who is given some indication that things are not right, are not legal
  • They are willing to look the other way
  • Maybe they put their head in the sand to ignore some warning signs
  • Maybe they are just maintaining some deniability

Knowing money mules (accomplices to the fraud)

  • They know criminality is involved (even if they deny such knowledge)
  • They are knowing participants in the fraud, in order to get paid
  • They tell lies in order to accomplish the fraud
  • They are probably committing the crime of money laundering

Money mules and email based funds transfer frauds

Email based funds transfer frauds is my name for a pernicious and pervasive cybercrime where the criminals use email to divert payments and steal money. Names for this fraud include:

Email based funds transfer frauds and business email compromise

  • Business email compromise (BEC)
  • CEO fraud, CFO fraud, CXO fraud, and more
  • Email based funds transfer frauds (my term, clunky for sure but accurately descriptive)

This is one of three priority cybercrime threats that all individuals and organizations should be aware of (the other two top threats are data breaches and ransomware).

These frauds require money mules in order to happen successfully.

Detecting a money mule

Detecting a money mule is easy after the crime. Funds were transferred and stolen, you look at the route of the funds, the various accounts, and money mules will shout at you.

But there are ways to detect it before.

For targets of cybercrime, who are sending, receiving, or forwarding funds transfer instructions, they need to:

  • Verbally confirm all payment instructions (including changes to payment instructions)
  • Ask if the person you are confirming with did what they are supposed to do to verbally confirm the payment instructions they are forwarding to you
  • Check and review all the parties and the payment instructions. Are there discrepancies or red flags regarding where the funds are going to?
  • Were there prior payment instructions and have they now changed? Why have they changed? Did you verbally confirm that the changes are legitimate?

For banks, it seems pretty like they often ignore red flags that are indicators of money mule activity.

And for perspective, many ordinary people have no official reason to keep abreast of cybercrime and financial fraud trends. I want them to protect themselves and read my articles, but it is not their job to do so.

On the other hand, banks are required to stay on top of financial fraud, cybercrime, and money laundering. They have legal duties, and it is their job. I wish they would do better warning their clients, but that is another issue. Here, I wish they would identify money mule accounts earlier. Because here is what happens.

  • Banks see dozens, hundreds, thousands of these fraud events
  • Successful fraud has stolen billions of dollars annually
  • [Banks don't do enough to warn customers of this fraud, but that's another story]
  • Money mule opens account with bank, provides various information
  • Money mule account receives large wire transfer (proceeds of theft, perhaps not detected for a few days)
  • Money mule account immediately forwards this large wire transfer to another account, possibly out of the country
  • This large wire transfer activity is probably very unusual, and probably not what the account holder originally told the bank the money would be sent for
  • If the bank had inquired or slowed the transfer, the money could have been recovered.

Detecting a solicitation to become a money mule

Attorneys get tons of requests to become unwitting money mules. For example, cybercriminals masquerading as legitimate potential clients have requested that I:

  • Handle the purchase of an oil rig
  • Handle random contracts
  • Handle random settlements
  • Handle financial transactions for whatever reason.

Sometimes the request is general and without details. Sometimes it teases high fees for a limited amount of legal work.

Non-lawyers get solicitations too. Especially people actively looking for work. These requests can range from laughable to sophisticated, and there is a continuum between them attempting to victimize, use as a money mule, or otherwise launder funds.

The money mule's cousin, the reshipper, package receiver

A money mule forwards funds on behalf of a cybercriminal.

Cybercriminals also need people to receive packages and forward them. A good topic for another article.

The money launderer

Then compare the money launderer, and consider the difference between the process of money laundering (long and complex) and the roles of certain individuals within that process.

A money mule helps with the process of money laundering, but might not necessarily be a "money launderer".

I think of a money launderer as someone who meets all the elements of the crime of money laundering. They know the funds are dirty (the proceeds of criminal conduct) and they facilitate financial transactions to disguise the source, destination, or ownership of those funds. Usually they do it for a personal benefit, such as payment and profit.


Every individual and organization could be victimized by this crime. Knowledge can prevent it.

This is a brief summary with many simplifications, attempting to bring complex subject matter to all readers in an understandable and accessible manner. It is not legal advice nor consulting advice, and is not tailored to your circumstances.

If your organization needs help improving cybersecurity, creating or improving your policies, complying with cybersecurity related laws and regulations, contact me. Good policies are an important part of cybersecurity, along with Bandler's Four Pillars of Cybersecurity.  Sometimes individuals need help with cybersecurity and investigations too.

Additional reading

This article is hosted at, copyright John Bandler, all rights reserved.

This article is also available on at NOT YET(though perhaps not kept as current).

Originally posted 5/20/2023. Updated 6/8/2023.