by Jack Robertson
Money mule networks have evolved into highly organised, hierarchical operations that mirror legitimate businesses, with sophisticated muleas- a-service models where specialised groups recruit, verify, and manage mules across multiple jurisdictions. In 2024, more than 34,000 cases of suspected money mule activity were filed to the UK national fraud database, with approximately £10 billion of illegal money laundered annually—a major threat to the UK’s financial system. Despite an 8% drop from 2023, muling remains a serious issue, with under-30s the most at risk of exploitation.
Criminal organisations increasingly exploit genuine banking customers as mules, bypassing fraud checks that focus on identity verification rather than synthetic IDs. “We’re seeing the emergence of ‘mule-as-a-service’ business models through the rise of fraud-as-a-service (FaaS) advertisements on search engines and the dark web,” explains Steve Goddard, fraud subject matter expert at Featurespace. “Groups offering quick money schemes on social media have also enabled mule networks to easily work across borders.”
Given the scale of mule activity in the UK in 2024, these networks now operate like professional services, using sophisticated layering techniques to move funds through multiple accounts before conversion to cryptocurrency. Nearly two-thirds of money mules in the UK are younger than 30, reflecting how criminal organisations target vulnerable demographics. These operations show remarkable agility: when UK authorities disrupt one part of the network, they quickly reroute without slowing speed or scale.
“As obtaining data becomes much easier, money mule networks are able to scale, meaning machine learning approaches are vital to boost detection and prevention rates rather than simple matching processes,” notes Goddard.
The gap between criminal networks and legitimate institutions has widened. While some banks struggle to share data across product lines, criminals exchange information with ease. “The bad actors share information with each other daily,” notes Mark Sully, managing director, EMEA sales, AML Rightsource. “Here are the gaps, here’s how to dodge Bank X’s system—there’s a playbook on the dark web.”
This intelligence sharing has made recruitment more sophisticated. “Gangs share what works—where’s the weakest point, the weakest link?” says Sully. Sully adds that gangs now build detailed profiles of targets—”who they are, their lives, and how to lure them in with legitimacy.”
Fraudsters leverage automation to create highly personalised phishing attacks, using personal data scraped from social media to craft messages that appear entirely legitimate. Artificial intelligence (AI) has removed technical barriers that previously limited these organisation-scale operations.
The shift to digital platforms has fundamentally changed recruitment dynamics. “People tend to be a lot more open online and sharing information than they are in the more traditional sense of muling,” explains Sully. “It’s the vastness and access to data. The access to funds and different wallets is a lot easier. There’s the versatility, easy access to people.”
Cross-border operations now involve sophisticated layering techniques, with funds moving rapidly through multiple jurisdictions before conversion to cryptocurrency, complicating recovery efforts. Criminal networks leverage advanced technology without regulatory constraints, giving them significant advantages over legitimate institutions.
“We’re not the only ones that have technology. The bad actors have the technology as well,” warns Sully.
Traditional know your customer (KYC) processes created bottlenecks for fintech companies, resulting in lower adoption rates and frustrated customers. In response, some fintech, crypto, and payment firms now market super-fast onboarding with minimal checks. That speed creates vulnerabilities that criminals exploit to open mule accounts.
Fraudsters can spoof ID checks—even biometrics or video interviews—using stolen or forged documents, giving them control of hundreds of money mule accounts. Third-party KYC providers that prioritise high customer pass rates over security create additional systemic vulnerabilities.
We’re seeing the emergence of ‘mule-as-a-service’ business models through the rise of fraud-as-a-service on the dark web.
Criminals use scripts and bots to mass-create mule accounts, as KYC platforms often rely on weak or fully automated checks designed to expedite the application process. “Criminals exploit automated KYC by using high-quality synthetic IDs or by recruiting people in financial distress who can pass facial recognition and document checks,” explains Pavel Goldman-Kalaydin, head of AI and machine learning at Sumsub. “We counter with layered AI-driven liveness detection, device fingerprinting, and behavioural analytics from the start.”
Firms are adding tools like facial recognition, device profiling, and geolocation, with machine learning, reducing the risks of static rules-based systems.
However, traditional detection methods face new challenges. “Real-time deep fake videos defeat liveness checks through face-swapping technology,” explains Martyn Higson, chief technology officer at Fincrime Dynamics. “There’s a constant arms race—when one side advances, the other catches up quickly. The challenge is that criminals can fail without consequence, while banks risk impacting customer operations if new technology fails.”
“Focusing only on known fraud flags can blind us to new patterns,” warns Goddard. “We need supervised and unsupervised machine learning techniques to identify changes to how criminals execute their attacks, focusing on their behaviour rather than fixed patterns.”
Detection reflects industrywide changes in approach. “AML monitoring systems are becoming increasingly focused on identifying clusters of suspicious behaviour rather than isolated cases,” notes Goldman-Kalaydin. “We look for patterns such as multiple accounts tied by device fingerprints, linked IPs, and unusual transaction velocities.”
Muling has developed from county lines activity into sophisticated hierarchies.
The shift represents a fundamental change in detection methodology. “Common red flags include repeated onboarding attempts after suspicious behaviour and shared financial attributes across accounts,” explains Goldman-Kalaydin. “Organised mule networks also display tightly timed transactions, geographic spread with synchronised activity, and identity traits that subtly deviate from legitimate norms—clues our AI models continuously refine to support compliance teams.”
Effective detection relies on identifying unexpected deposits, rapid dispersal of funds through networks of accounts often within minutes, movement to international jurisdictions, and rapid ATM withdrawals. However, the sophistication of detection systems must evolve beyond basic transaction monitoring. “Traditional broad-brush rules like flagging crypto payments work for catching obvious fraud, but they create problems by incorrectly targeting legitimate customers who exhibit similar patterns,” notes Higson. “We’re shifting towards behavioural changes— looking for deviations from established patterns and signs of pressure like compulsive account checking or unusual transaction timing.
Most firms engage with bodies such as Cifas, UK Finance, the National Economic Crime Centre (NECC), and Fintech Fincrime Exchange (FFE) to share findings and prevention measures. The national fraud database operates as a reciprocal data-sharing arrangement, its strength lying in collective intelligence.
Yet significant barriers remain. “Criminals share massive amounts of information—not just on dark web forums, but openly on Reddit. I’ve seen exploitation techniques announced within a week of product launches,” says Higson. “Meanwhile, financial institutions stay siloed. We have this backwards competitive thinking where data volume is seen as an advantage, when sharing would stop attacks at source.”
The transformation of money laundering into industrialised “mule as a service” operations represents a critical threat to the UK’s financial system. With £10 billion laundered annually, these sophisticated criminal networks operate with business-like efficiency, exploiting technology and cross-border collaboration while financial institutions often struggle with internal data sharing.
Criminal organisations run agile intelligence networks, sharing tactics in real-time and deploying AI-driven recruitment. Traditional detection methods are insufficient against this evolution. The industry must respond with equally sophisticated approaches: machine learning that identifies behavioural patterns, enhanced collaboration, and adaptive technologies.
Financial institutions, regulators, and law enforcement agencies must accelerate intelligence-led strategies to counter these industrialised criminal networks.
Criminals exploit automated KYC by using high-quality synthetic IDs or by recruiting people in financial distress
