New money mule email scams lead to infamous Rock Cruit Management
May 25, 2012
Today, while reviewing my auto-deleted spam email messages, I found one that I decided to take a closer look at. It is an obvious Money Mule recruitment scam (to spam hunters like me), with the subject: "Re : Re : Please Complete Your Job Application." Let's see where it leads, shall we?
First of all, everything in the headers is garbage. Throw them out, except to report the unwitting sender to SpamCop, which I did. The sender was an open proxy in Greece. The spamvertised link was to a URL shortener service hosted in China.
The bait was as follows:
The salary available for open openings range from $35.77 /hr to $57.62 per hour.
Prior being considered, we will first need you to formally apply.
Please go here to begin the process:
I have seen these exact same words, with only slight variations, for a year or longer. In fact, I write spam filters for MailWasher Pro users which detect these phrases and others, to auto-delete such scams.
I decided to follow the URL shortened link and see where it leads.
The first stop along the spam link highway was the URL shortener service called iurl.us. Anyone landing there is quickly transferred via an HTTP Refresh code to another middleman website. That site then redirects visitors to a third site, which uses a 302 Found redirect to a template page for a money mule recruiter affiliate. This is where the buck stops, figuratively speaking. The company name displayed in the upper left says: Rock Force Management.
Nothing suspicious or revealing is to be found on the landing page. But, to proceed with the application, one must click on a button (a .gif image) that takes you to "page2.php." This is where is gets interesting. Here, victims are asked for personal information, including their address and phone number. One of the hidden form fields tells who is behind this scam: input type="hidden" name="listname" value="rockcruitmanagem"
Regular readers of my blog will already be familiar with this fake management company, which involves variations of the words "Rock" "Cruit" and "Management" in email scams going back to this time last year. The copyright details in the footer claim to be "Hot Deal Dep, LLC." This is the affiliate website that sells the templates to spammers, who drive traffic to the people running the RockCruit Management scam.
The scam is that people meeting the application minimums will be offered positions as "money mules" in a criminal enterprise. Some will receive and wire-transfer out stolen funds from bank accounts which have been hijacked by banking Trojans, like ZeuS. Others will receive packages purchased with stolen credit cards and will be instructed to reship them to a foreign location. These crimes are known as Money Laundering, Wire Fraud, Aiding and Abetting, and Receiving Stolen Goods and are punishable by hard time in a US Federal Penitentiary.
What the money mules are told is that they will work under test conditions for a short period of time, usually less than one month, after which they will begin to get paid. What always happens is that the people pulling the strings cut them loose with no pay, before the month is up. All communications from the mule to the master is severed, leaving the mule with nothing.
But, one day, after fraudulent bank transfers or illegally purchased goods are traced, they Police end up kicking down the money mule's door and hauling them off to Jail. In the meanwhile, Boris Badenov and Natasha Darlink live in luxury, in the former USSR, off the money the mules wired to them, wearing the fancy cloths bought with stolen cards and sent to them by their reshipper mules.
Don't fall for Russian Money Mule scams. There is no real job being offered in the "pay range from $35.77 /hr to $57.62 per hour scams. All that awaits the victims is prosecution in a Federal Court, in the USA.