Jonathan Frost, Director of global advisory, BioCatch

December 11, 2025

3 Min Read

Source: Panther Media GmbH

QUESTION: How can security and fraud teams identify money mules?

Jonathan Frost, director of global advisory for EMEA, BioCatch: The Financial Conduct Authority’s (FCA) review of the UK’s National Fraud Database (NFD) revealed 194,000 money mule accounts were offboarded between January 2022 and September 2023. Only 37% of mules were reported to the NFD (operated by Cifas) last year.

A BioCatch report found that last year, banks utilized machine learning to identify nearly two million mule accounts. As consumers adopt real-time payment methods, identifying mules throughout an account’s lifecycle becomes crucial for financial firms to protect consumers.

Money mules transfer illicit funds, knowingly or unwittingly, to help criminals launder money. By transferring these monies through a network of mule accounts, the mules launder the funds so the money can be reintegrated into the legitimate economy. They are often recruited under the guise of easy cash, with social media playing a key role in targeting complicit participants. Other mules are deceived through scams, such as romance fraud, and unknowingly become conduits for illegal transactions.

Identifying and closing these accounts remains a challenge because fraud databases capture only a fraction of cases due to high-proof standards. A proactive approach helps spot risk before fraud occurs.

Related:Financial Fraud, With a Third-Party Twist, Dominates Cyber Claims

Money mule behaviors can be categorized into five distinct personas, each requiring unique detection methods. By recognizing these personas early, financial institutions can respond to mule activity and prevent fraudsters from causing significant harm.

The Deceiver: The Intentional Fraudster

The deceiver is the most complicit of the mules, opening accounts specifically to commit fraud. They exploit financial systems with full knowledge of their actions, often engaging in identity fraud or synthetic identity schemes to remain undetected. Detection requires screening when they open an account and using insights from the opener’s behavioral activity to flag suspicious patterns before they can engage in fraud.

The Peddler: Selling Account Access for Profit

Peddlers don’t actively launder money themselves, but sell access to their accounts, making it difficult for them to plead ignorance. Their account history often appears legitimate. Monitoring for unusual changes, such as new users, unfamiliar devices, and behavioral shifts, can help identify when an account has been sold and is being misused. Peddlers often advertise on dark web forums or social media, making external intelligence sources valuable for detection.

Related:How Criminals Are Using Synthetic Identities for Fraud

The Accomplice: The Willing Middleman

Accomplices willingly receive and transfer illicit funds for financial gain and often are recruited with promises of easy money. These individuals maintain their original account details and may conduct everyday transactions alongside fraudulent activity, making them harder to spot. Look for shifts in transaction behavior, fund velocity, and payment destinations that deviate from normal customer activity. They frequently use peer-to-peer payment services, which demand heightened scrutiny.

The Misled: Unknowingly Facilitating Fraud

Misled mules unknowingly participate in money laundering, believing they are handling legitimate transactions. For example, they may receive payments for selling an item without realizing the funds originated from fraud. They often are recruited through fake job offers or online scams. These cases are particularly difficult to detect, requiring analysis of transaction context, payment sources, and inconsistencies in the individual’s account activity.

The Victim: Exploited by Fraudsters

Victims are the least complicit mules, often manipulated into providing account access or facilitating fraudulent transactions without understanding their handler’s intent. These cases frequently overlap with account takeovers, where fraudsters gain access to victims’ accounts and use them as conduits for laundering money. Behavioral monitoring that detects deviations in login behavior, device usage, and transaction pattern., is key.

Strengthening Defensse

To effectively combat financial crime, banks must constantly monitor account activity from the moment an account is opened through its potential misuse. Working backwards after the funds have been transferred and dispersed to other accounts at multiple financial institutions is expensive, time-consuming, and unlikely to succeed.

Cross-industry data sharing is also critical to identifying and disrupting mule networks before fraud spreads.

By identifying these five mule personas and being proactive about detection, financial institutions can reduce risk, protect customers, and stay ahead of emerging fraud trends.

About the Author

Director of global advisory, BioCatch

Jonathan Frost is the Director of global advisory at BioCatch and a seasoned expert in fraud prevention and financial crime. Previously, he served as the program director for the United Kingdom’s fraud and cybercrime reporting service. Jonathan has held several senior law enforcement roles that focused on countering the threat posed by economic crime. He led the delivery of the National Fraud and Cybercrime Reporting Centre, a function of the City of London Police.