Estonian plasma TVs: Phishers fingered

We were too quick to point the accusatory finger at Nigerian 419ers for the Estonian plasma TV job offer scam as discussed yesterday.

To recap: you receive a lovely email offering the chance to get involved in the Baltic flat screen market. To do this, you will be asked to transfer certain funds abroad and keep a percentage for yourself.

Seems straight forward enough, but what is really happening, is that you are being enticed to launder money stolen from accounts compromised by phishers. This scam is well-known to the Australians, as Daniel McNamara of www.codefish.net.au notes:

"Basically the main problem for the phishers targeting Australian bank accounts is a majority of Australian Internet Banking systems do not allow overseas transactions (mostly as prevention against these forms of fraud). So what happens is:

• Phishers compromise a number of bank accounts through either traditional phishing or keylogger trojans.
• Phishing have no way of directly extracting the money so they recruit people via these fake jobs to act as (unwitting) mules.
• The mules are asked to have Australian bank accounts (normally within the same bank as the compromised accounts).
• The phishers then transfer a large amount of money (normally just under $10,000 AUD as that what trips most banks security checks) from one of the compromised accounts to the mule's account
• The mule is then asked to withdraw the money (minus a percentage which is normal 5-7 per cent for their "wage") and wire it directly to an overseas bank account (so essentially a direct deposit). Since wire transfers are normally anonymous and fast this works very well for the phishers. There have also been cases of people being asked to withdraw the money and hand it to someone here in Australia.
• When the banks have the missing money brought to their attention the mule is left holding the bag as the that's really where the transaction trail ends."

We spoke to Jemma Smith of the UK's Association for Payment Clearing Services, who confirmed McNamara's scenario. She further explained that Australia was originally targeted by scammers because it was possible to transfer money out of the country online. This loophole was subsequently closed, meaning that phishers based abroad could not use stolen details to themselves move funds overseas. The solution was, as McNamara explains above, to find "mules" to do the dirty work for them. Hence the fake job offers.

Smith told us that, for a UK sting, these scammers will hope to find a willing accomplice who already has an account in the same bank as the phishing victim. Once the stolen funds have been transferred into the mule's account, her or she then forwards it to the scammers, often in cash and via money transfer.

The "audit trail" therefore ends at the mule - who is certain to receive a visit from the authorities, Smith said. Indeed, they are "liable for prosecution within the UK" - and pleading ignorance is unlikely to mitigate in their favour.

Thankfully, Smith confirmed that of the millions of phishing emails received across Britain, "only a handful" ever resulted in a positive for the scammers. As for the mules, Smith expressed surprise that anyone could fall for such a transparently dodgy offer, and concluded with the time-honoured: "If it looks too good to be true, then it is too good to be true." ®

Related stories

419ers plug into plasma TV market
Phishing attacks on the rise
eBay and PayPal go after auction fraudsters
Phishmongers target Lloyds TSB customers
NatWest warns of dodgy email
Phishing and viral tech combines in new menace
Gone Phishin'
Email scammers target Halifax, Nationwide, Citibank
NatWest customers targeted in phishing scam
UK banks and police proffer anti-phishing advice

Related sites

Another fake job offer as noted on Codefish
APACS press release outlining how to protect yourself against Internet fraudsters (PDF).