TL;DR: Money mule schemes move stolen funds through recruited accounts to obscure the source of fraud proceeds, and recent research cited by Prove Identity says almost two-thirds of people in the U.S. and U.K. have been targeted for mule recruitment. The governance lesson is that fraud controls must verify both the person opening the account and the movement of funds after onboarding.
NHIMG editorial — based on content published by Prove Identity: Understanding Money Mules and How Identity Verification Can Stop Them
By the numbers:
- European Money Mule Action 2022 identified almost 10,000 money mules across Europe and helped prevent almost €32M in ill-gotten gains.
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes, and as quickly as 9 minutes in some cases.
Questions worth separating out
Q: What breaks when money mule controls stop at account opening?
A: When controls stop at account opening, a real person or a convincing fake can still be used to move illicit funds after onboarding.
Q: Why do money mules make fraud harder to trace?
A: Money mules break the link between the original victim and the final criminal by inserting third-party accounts into the payment chain.
Q: How can identity verification reduce mule recruitment risk?
A: Identity verification reduces mule recruitment risk by making it harder to open accounts with weak, synthetic, or coerced identities.
Practitioner guidance
- Strengthen identity proofing at onboarding Use stronger identity verification for new accounts that are likely to receive or move funds, especially where social, device, or phone signals are weak.
- Monitor inbound and outbound payments together Review both incoming and outgoing transaction patterns for mule indicators such as rapid pass-through behaviour, multiple small transfers, and immediate cash-out or crypto conversion.
- Add behavioural and phone intelligence to risk scoring Combine behavioral biometrics, device history, and phone intelligence into the fraud decision so that account legitimacy is evaluated continuously.
What's in the full article
Prove Identity's full article covers the operational detail this post intentionally leaves for the source:
- The full recruitment typology for witting, unwitting, and complicit money mules, including how each behaves differently.
- The article's examples of social engineering, romance scams, account takeover, and open-channel recruitment patterns.
- The law-enforcement response section, including EMMA 2022 findings and the scale of disrupted proceeds.
- Prove Identity's discussion of identity verification methods such as behavioral biometrics, Trust Score, and Instant Link for fraud detection.
👉 Read Prove Identity's analysis of money mule fraud and identity verification →
Money mule recruitment and the identity verification gap?
Explore further
Money mule fraud is an identity governance problem disguised as a payments problem. The article correctly shows that the key control gap sits between account onboarding and transaction monitoring. If an institution verifies a customer once and then stops watching for behavioural drift, mule activity can move through apparently legitimate accounts. For identity and fraud teams, that means verification assurance must extend into account lifecycle monitoring, not end at signup.
A question worth separating out:
Q: Who is accountable when a mule account is used for laundering?
A: Accountability sits with the organisation that allows the account to be opened, monitored, and used without adequate fraud controls. For regulated firms, that means KYC, ongoing monitoring, and suspicious activity handling must work together. A weak onboarding process is not enough to explain the outcome if transaction controls also failed to flag obvious laundering patterns.
👉 Read our full editorial: Money mule fraud exposes the verification gap in digital identity