What Is a Fraud Mule Attack and How Do I Prevent One?

A new hard-to-detect fraud trend is developing among retailers involving fraud mules.

Here is how it works:

1. A fraud ring posts a job on a job board, Craigslist or Facebook advertising a quick way to make money, often targeting lower-income zip codes.

2. Once hired, the fraudsters add their “employee’s” address to the account of a stolen card via social engineering, using cards issued from banks with lax security.

3. The “employee” makes one large purchase, using their personal email address and phone number.

4. From a fraud prevention standpoint, the order looks like a perfectly safe order. Billing address matches that of the bank, shipping and billing addresses match and the name on the order matches public records of where the “cardholder” lives.

5. A few weeks later the chargeback notification arrives.

At stake are large orders, often in the thousands of dollars. These orders can be very profitable if a merchant knows how to distinguish good orders from orders created by a fraud mule. Even one chargeback can be devastating to the bottom line, especially for merchants with narrow profit margins.

Why is this happening?

This newest fraud trend in the U.S. should not be a surprise given the level of data breaches that have occurred in recent years. In March, 106 million people in the U.S. and Canada had their records exposed. Included among the data stolen were 140,000 Social Security numbers and 80,000 linked bank account numbers, according to Capital One. However, in this case no credit account data was stolen. In other words, no “fullz,” full data sets for stealing someone’s identity and credit card were or will be offered on the black market based on the Capital One breach.

The market consultancy Juniper Research projects that the number of records stolen in data breaches will increase 22.5% per year through 2023, reaching 146 billion records.

The Equifax data breach in 2017 exposed the data of 140 million Americans, including in some cases credit card numbers. This is the kind of data breach that may precede the highly skilled fraud we are seeing in the recent fraud trend.

Nothing beats expert humans

It’s hard to estimate the amount of fraud that goes undetected every year. The new fraud trend mentioned above was not caught by a rules based system. Most machine learning systems would also fail to uncover it because no similar fraud tactics would have been in the labeled training data for the supervised learning systems that are the talk of the market.

Today, even with advanced fraud rules engines and machine learning, merchants still need experienced fraud analysts to catch the sharpest fraudsters out there. NoFraud fuses man and machine for the most effective fraud prevention. Using our technology, our analysts spotted the subtle clues across our customer base and reacted quickly, saving our customers millions in potential fraud losses.

To learn more about this new fraud trend and how to prevent it, reach out via email to shoshanah@nofraud.com