After the fitness center where Denise Newton worked closed in April because of the coronavirus, she posted her résumé online to look for a new job. She soon got a call from a company she had never heard of.
The woman who phoned from the company, Heies, invited Newton to apply for a job as a “local hub inspector.” When she started work in May, Newton began receiving boxes with Apple Watches and laptops in them. Her job was to open the boxes, check the contents and then mail them to foreign addresses.
But something was off. The boxes were suspiciously plain, even though they included brand-name products. The name on the labels was never Newton’s. When she asked questions, her new employer stopped responding. In June, she reported Heies to the Better Business Bureau.
It turned out that Newton had become what is known in security circles as a money mule, an accomplice who, either knowingly or unknowingly, helps international criminal rings move their ill-gotten gains. In Newton’s case, swindlers appeared to be buying products in the United States with stolen money and then mailing them — using unwitting intermediaries like her to disguise their involvement — to overseas locations where the goods could be resold for cash.
“They really caught me at the perfect time,” said Newton, 24, who was living with her parents in Birmingham, Alabama. “I was just one of those desperate people looking for a job.”
Since the pandemic’s onset in March, the number of criminal schemes relying on money mules has spiked, just when many people have lost their jobs and are vulnerable to exploitation. The volume of schemes has been turbocharged partly by criminals going after enticing pots of money from the U.S. government — specifically, the benefit programs that were set up to help people and businesses hurt by the pandemic-induced economic downturn, authorities said.
In total, online human resources schemes where criminals pose as potential employers have soared 295% from a year ago, while schemes used for money laundering have skyrocketed by 609%, according to security firm ZeroFox.
Many people who perpetrate these frauds are based overseas, authorities said, so they need to move the money to their home country. Banks and authorities have made it harder to launder money through traditional financial channels in recent years. So these criminals are now increasingly on the hunt for a larger supply of potential money mules just as many newly unemployed people look for work.
“It is something that is escalating because of the current environment,” said Robert Villanueva, a former Secret Service agent who now works on cybercrime intelligence for the security firm Q6 Cyber. “It has become hard to avoid.”
Money mules are not new, and their numbers have risen alongside online fraud more broadly over the last two decades. Some people enter the business knowing it is illegal. Advertisements looking for money mules on the so-called darknet, an anonymous corner of the internet popular with criminals, often acknowledge the illegal aspect of the work.
“Hi. I need an excellent professional bank accounts loader for long term business,” read one ad from May, which was turned up by darknet research firm Flashpoint.
Yet seven people who became money mules during the pandemic told The New York Times that they had no inkling of what their so-called employer was up to when they began the work. Many had recently lost their jobs and needed to pay the bills. To avoid exposure to the coronavirus, they were also looking for jobs to do from home, just what many swindlers want from a money mule.
Alma Sardas, 21, had been furloughed from her job at a hotel in Fort Worth, Texas, this spring when she saw a listing on jobs site ZipRecruiter advertising a work-from-home position as a “virtual assistant” to a businessman in Hong Kong.
Sardas sat through a formal interview and spoke with a man who called himself Hermann Ziegler, who said he would be her boss. Once she was hired, she was sent a check for $4,590 to deposit into her bank account. She was told to use some of the money for her expenses and to send the rest from her account to her new employer’s vendors.
Sardas became skeptical about why the money would need to go through her bank account and called local police. They explained that she had almost been caught in a classic money-laundering scheme.
“You make yourself so sincere and these people just take advantage of it,” she said, adding that she had shredded the check and reported the incident to ZipRecruiter. ZipRecruiter said it removed the job posting immediately.
The schemes using money mules are varied. Some people who become mules are victims of online romance frauds who make bank and wire transfers for people they believe care about them. Others, like Sardas, are asked to use their own bank accounts to make financial transactions on behalf of their new employers. Newton became embroiled in what is known as a reshipping scheme, where the fraudsters buy goods with their stolen money and then use mules to get the products overseas, where they can be resold.
Some of these operations have become well-oiled machines. William Zackery, 64, a substitute teacher in Northern California, began working with a company called SFP Shippers in May. SFP Shippers appeared to have multiple departments, a website and a custom online dashboard that he had to log in to each day.
Zackery, who was out of work, was enlisted to receive packages with expensive purses and cameras. It was his job to print new labels and ship the goods on to other places across the country. Many mule operations use multiple shipping legs to cover their tracks, security experts said.
At first, he did not think anything was amiss. “I was getting calls two or three times a day from my so-called supervisors,” he said. But when the new employer stopped communicating, “I started doing some research that I should have done at the beginning.”
Zackery ultimately reported SFP Shippers to local and national authorities; the company’s website has been taken down.
Sometimes people’s identities are used without their knowledge. Over the past few months, Scattered Canary, a Nigerian criminal operation, submitted fraudulent claims for unemployment benefits in at least 14 states and then had the money delivered to accounts that they had set up, in the names of their victims, with Green Dot, a financial services company, according to security firm Agari.
Scattered Canary then sent the money overseas through Green Dot’s online system, all before the person whose name was used was alerted to the new account, the security firm said.
Alison Lubert, a spokeswoman for Green Dot, said the company works “around the clock and invests heavily to identify, block and address fraudulent activity.”
Jamarle Worilds, chief of the illicit finance unit of Homeland Security Investigations, a division of Immigration and Customs Enforcement, said many people who act as money mules “don’t actually understand that they are operating in the space.” He said he had recently received text messages offering him the opportunity to work from home, which he easily spotted as an effort to recruit him as a money mule.
“I’m not sure about how they got my information, but that’s what it’s come to,” he said.
In Newton’s case, the woman from Heies who called identified herself as Carla Neely. She told Newton that the company needed “hub inspectors” to move packages for customers. Newton was pointed to a company website and went through an interview and a formal human resources process before being hired.
“Congratulations! We were impressed with your interview and would like to extend you a conditional offer for the position of Local Hub Inspector at Heies,” Neely wrote to Newton in her hiring letter.
Apart from Apple Watches and laptops, Newton said, she was also sent odd items, including a pack of sponges and a garbage disposal.
By the time Newton reported Heies to the Better Business Bureau, the numbers and emails that the company had used were dead. Its website had also been taken down. The perpetrators, who have faced other online complaints, have not been caught.
“I feel scared that I have blood on my hands because I’m in the middle of a scam and I’m also in the middle of a pandemic,” Newton said. “They pretty much just took advantage of my vulnerability.”