Who wants to be a money launderer?

When I have a free 10 – 15 minutes, I sometimes use the time to look at the latest spam. Of course, our antispam program filters it out to a dedicated directory. (I do wonder, though, why spammers persist in sending spam to @kaspersky.com).

Spam can be interesting reading – in English and Russian – I can’t read the Japanese or Chinese spam 🙂 Of course mostly it’s fake or grey market medicine, pirate software, designer watches, financial scams etc. etc. ad nauseum ad infinitum.

But I’m starting to see more and more spam which offers a great earning opportunity: work as an agent transferring money via your account to the accounts of some company’s clients. And the company will pay the transfer fees. Here’s a couple of the English language examples.


A large European electronics wholesaler OLDI Computers LLC is looking for representatives in Your region. This job will let You make from $500.00 a week. Your duties will include receiving payments from our customers and sending the money to our company via Western Union or Money Gram. You will need to establish a banking account with one of the Your region banks or to use Your personal bank account.


Dear Sir/Madam!

Greetings to everyone who has recieved this letter from us, we which you a best luck in the next year and best luck with us, with our offer. You already know that two biggest events of the year are very close to us and soon will finally be here. Merry Christmas and New Years. We want to which you a best luck already and as a gift we want to offer you a job.

Our company currently is seeking for people who can help us out and earn good money for themselves. We need as many people as possible. You can consider this opportunity as a Christmas Job. You will be able to make quick money everyday, spending 1-3 hours a day, no knowledge requiered, no past experience, anyone can apply. You must be 18+ y/o, you have to be an honest person and responsible. You will like working with us, it will be convenient and easy. Our Big Benefits: 1. You will spend not more than 1-3 hours a day. 2. We pay out everyday. 3. $600-$900 a week guaranteed. To start working with us you need to fill out application at our website http://www..[censored]..com click on “Regsiter” and procceed with registration. When done, we will contact you over the phone and you can consider yourself already part of our team. Sign up right now, time is money and Christmas is almost here, so hurry up!

Of course, paying through a third party account rather than paying the company directly has to be a scam. In cases like this, the recipient is being invited to participate in money laundering – and who’d say agree to that?

But there must be people who do agree, either because they want the money, or because they’re gullible by nature. I’ve got two questions – how much money these intermediaries ever see, and are law enforcement bodies really ready (in terms of legislative support) to cope with such scams?

Who wants to be a money launderer?

Your email address will not be published. Required fields are marked *



Lazarus targets defense industry with ThreatNeedle

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Lazarus covets COVID-19-related intelligence

As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that the Lazarus group is going after intelligence that could help these efforts by attacking entities related to COVID-19 research.

Sunburst: connecting the dots in the DNS requests

We matched private and public DNS data for the SUNBURST-malware root C2 domain with the CNAME records, to identify who was targeted for further exploitation. In total, we analyzed 1722 DNS records, leading to 1026 unique target name parts and 964 unique UIDs.

Subscribe to our weekly e-mails

The hottest research right in your inbox