There’s no two ways about it, cybercrime is big business. Accurate estimates are hard to come by, but you can safely assume it’s well into the billions of dollars. Likely hundreds of billions. That’s a lot of money by any measure and once it’s out of a victim’s account, it has to go somewhere. To handle all of that money, cybercriminals have set up an extensive underground network of intermediaries, cutouts and middle men who handle the pilfered cash and get it to its final destination.
The first step in the process is removing the money from the victim’s account. This isn’t always as simple as it would seem. Once a hacker has access to a victim’s account, he can either try to steal as much money as possible right away or execute a series of smaller transactions that may not draw the attention of bank anti-fraud measures. If the hacker is only interested in a quick hit, he’ll likely go for one large transfer. But he doesn’t want to make the transaction easily traceable, so he’ll use a middleman.
These people often are recruited through ads on Craigslist or elsewhere online offering quick income for working at home. In fact, they’re money mules. The hacker will transfer the money, let’s say $1,500, to the account of a money mule. That person will take a small cut, say $150, for her trouble and then transfer the rest of the money to another money mule.
Many of these people likely aren’t aware that the money they’re moving is stolen, but that’s turned out not to matter much to prosecutors and judges, as several money mules have been convicted of bank fraud in the last few years. Hackers know this of course, and will sometimes use mules in foreign countries that don’t look so harshly on the practice.
After bouncing around from account to account, the victim’s money eventually ends up in the hands of someone allied to the original hacker, perhaps someone in the same cybercrime crew or a contractor who works on a job-by-job basis. Now comes the hard part: cashing out.
This can be done in a few ways. One method is for the “casher” to take the money and buy some moderately expensive goods, maybe a few iPods or a couple watches. He can then take those and either hand them off to the hacker or sell them on eBay and then turn over the proceeds. Another method is for the casher to use the stolen money to buy gift cards at a retailer such as Walmart or Best Buy, which the hacker then can use to buy whatever he wants.
It’s sometimes more complicated and sometimes less complicated than this, but the result is the same: In the end, the hacker gets your money.