How criminals use mule accounts to launder their money

Share this post

Posted by Pablo de la Riva· 4 min read

Banks are shutting down tens of thousands of accounts every year due to suspected fraud; on average, Santander closes down 24,000 accounts each year, and just under half of all those are suspected mule accounts – a huge proportion.

What are mule accounts?

There are two types of mule accounts:

  • Accounts created by criminals using stolen or synthetic identities. This is where criminals use legitimate or a blend of legitimate and fake customer information to commit new account fraud, opening new accounts for illegal purposes that they have complete control over and that cannot be traced back to them. They can use these to transfer their funds between them, to ‘clean’ the money and/or to raise credit scores on the accounts before withdrawing up to the credit limits with no intention of paying the money back to the bank.
  • Accounts belonging to legitimate customers who have allowed criminals to use their account for illegitimate reasons.

Often, these are unsuspecting, ordinary people who have been seduced by the prospect of a ‘job’ which promises to pay well for short hours, all from the comfort of their own home. The roles often have seemingly legitimate titles such as ‘money processing agent’.

All they have to do is provide their account details. Money then comes into their account and they follow instructions to send this money on to another account – often for a cut of the sum.

At first glance, this seems like a simple way to make fast cash.

However, this process turns their legitimate bank account into a mule account, which is illegal. For example, in the UK, if caught, the account holder could face up to 14 years in prison, as well as find it extremely difficult to perform basic actions such as opening a bank account in the future.

And, if identified as a mule account, it will be the account owner who ends up taking the rap for the crime, whilst the true masterminds of the operation get away with it scot-free.



Both types of mule account are used to support the money laundering operations of criminals. This means that when legitimate customers allow their accounts to be used in this way, what might seem like a harmless and easy way to make money from home, could end up facilitating all sorts of crime, including terrorism, drugs running, illegal arms dealing, people trafficking, and more.

And when criminals succeed in creating illegitimate new accounts in the names of others, it means they have control over complex networks of mule accounts, transferring money between them in order to distance themselves from their everyday criminal activities.

Mule accounts mean it is possible for fraudulent transactions that were reversible and traceable to become irreversible and untraceable.

Which legitimate customers are being targeted?

Fraudsters are currently turning their attention to recruiting younger people as money mules; they are more likely to fall for these scams due to their vulnerability and because they are more often short of money. Barclays has released figures demonstrating that nearly a third of money mules reported to the bank were under the age of 21.

Hashtags that can put you in jail

Youngsters’ love of social media makes them relatively easy to recruit, all fraudsters need to do is employ some basic social engineering techniques.

For example, hashtags on social media, particularly Twitter, promoting ‘easy money’ are used as bait to entice people into criminal activity.

According to Santander, 1 in 4 people aged under 25 have admitted to engaging with social media posts featuring hashtags that are commonly used to recruit money mules, for example, #PayPalFlip, #EasyMoney, and #legitmoneyflips. However, engaging with these posts is a sure-fire way to fast-track to a criminal record.



Many people do not know that mule scams are illegal, so do not realize there are any punishments. Prison time may seem like the gravest of repercussions, but there are other penalties too. This is another reason that younger people are so susceptible to these scams – they simply do not understand the consequences of their actions.

For a lot of teenagers, their bank account will be their first and they may take it for granted. They are probably unaware that by being a ‘money mule’ their account could be frozen and, again citing the UK as an example, they may be unable to apply for a new one for as many as six years, which could leave them financially dependent on family or friends until well into their 20s.

They might also fail to take into consideration their future financial needs, such as obtaining a credit card or getting a mortgage. These avenues could be closed off to them.


It’s not only the young who need to be wary, however. People aged between 40-60 years are often seen as the ‘perfect mark’ by fraudsters. This is because older people with no history of crime or fraud are deemed less suspicious by banks and some anti-fraud solutions.

Another type of mule account scam that can affect older people happens when someone thinks they are taking out a loan, but accidentally do so from an illegitimate company.

They receive more money than they asked for, which is explained away by fraudsters as an ‘administrative error’. The unwitting mules are then asked to send on the ‘overpayment’ to a different account from the one that sent them the money in the first place.

Again, the criminals are ‘cleaning’ the money obtained through crime and making it harder for fraud investigators to trace and return it to its rightful owner.

What can banks do to combat mule accounts?

Mule accounts are used to disseminate the funds stolen through fraud and make it increasingly difficult to recover the money, often leaving financial service providers out of pocket.

A solution for banks’ security should start by analyzing historic account data, setting up alerts that allow them to quickly identify any suspicious activity such as a sudden and large injection of cash into an account. However, this is not sufficient to completely counteract mule accounts.

Alongside this, a fully comprehensive solution needs to figure out who the fraudsters themselves are as a priority.


It needs to be able to detect typical fraudster behavior in the account onboarding phase as a first barrier so that criminals cannot open illegitimate new accounts in the first place.

This means criminals’ only option will be to recruit money mules. This is where a solution needs to pinpoint the typical behaviors of known fraudsters in order to recognize them in the future and stop them from laundering money.

If criminals have already managed to create illegitimate accounts, behavioral biometrics, in conjunction with the historical device and environment data, can be used to discover criminals’ individual modus operandi.

This means it is possible to identify the fraudsters themselves, and then use link analysis to detect the other mule accounts they are controlling, blocking all fraud and money-laundering perpetrated by that same criminal and therefore even playing a part in helping to stop wider criminal activity.

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?