SWIFT revealed how cyber criminals encash stolen funds

SWIFT and BAE Systems Applied Intelligence have published a new report describing the complex web of money mules, front companies and cryptocurrencies that criminals use to siphon funds from the financial system after a cyber-attack. There already have been multiple reports on how criminals successfully commit cyber heists, but this is the first significant material published on what happens to funds after they have been stolen, that is – how cyber criminals typically launder money.

As the cybersecurity grows stronger, criminals are exploring new ways to bypass technology. One of the most common ways to do so is recruiting money mules. The role of money mule is to provide the obfuscation in the chain between the initial fraud in the bank and the transfer of stolen funds by cyber-criminals. Criminals often involve unsuspecting victims into money laundering by using seemingly legitimate job advertisements, online posts, social media and other methods. Recruiters usually target young adults seeking to fund higher education and adults recently out of work, who are likely to jump at the chance to apparently easily earn extra cash.

Another popular way to launder illicit funds is the use of front companies. Front companies are considered to be fully functioning companies with the characteristics of legitimate business, serving to disguise and obscure illicit financial activity. Criminals often favourite this type of companies for their less stringent regulations.

Evidence of business being a front company include:

  • Company is engaged in financial activity that has no relevance to its stated area of business.
  • Evidence that different companies share same addresses, phone numbers, managers and owners.
  • Company lacks public activity and presence.
  • Company is engaged in textile, garment, fishery or seafood business.

Cyber-criminals may also seek to use cryptocurrency as a method for obfuscating and laundering the funds stolen during a cyber-heist. Criminals might launder the stolen funds at bitcoin farm, before using financial platforms to load prepaid cards with bitcoin. This option could seem attractive to criminals because cryptocurrency cards can facilitate the reversion of cryptocurrency back into fiat currency in small amounts. However, identified cases of laundering through cryptocurrencies remain relatively small compared to the traditional methods.

The effectiveness of a financial institution’s Know Your Customer (KYC) and screening processes are major reasons why some jurisdictions are favored by money launderers. KYC process is vital for correctly validating persons – starting from simple name screening and undertaking background checks to enhanced due diligence (EDD) with independent assurance provided by two-person validation to provide greater level of scrutiny. If these processes are weak, or if the staff is poorly trained, then this allows these checks to be ineffective. Besides that, criminals also tend to target insiders within financial institutions to undermine compliance scrutiny on KYC and due diligence checks.

Newsletter SubscriptionGet in touch