Spend a few weeks lurking in the right corner of Telegram and you’ll see a particular pattern of recruitment ad. “Easy €500-€1,500 per week. No experience needed. We provide everything.” The poster is offering money mule work, moving fraud and ransomware proceeds through bank accounts in exchange for a cut. The recruits often don’t understand what they’re signing up for, and the legal jeopardy when it goes wrong is severe.
The pitch
The recruitment messaging is professional. It targets young people, students, recent immigrants, anyone with a clean banking history but tight finances. The pitch never says “money laundering.” It says “remote work,” “financial assistant,” “transfer agent,” sometimes specifically frames itself as helping a foreign company that “can’t open its own account here.”
The role: receive money into your bank account, withdraw it (cash, crypto, or onward transfer), keep a percentage, send the rest to an address provided by the operator. The operator absorbs the technical risk; the mule absorbs the legal risk.
The vetting
Before activation, recruiters run their own version of KYC. They want to confirm the bank account is real, the recruit is the actual account holder (not a stolen identity), and the recruit will follow instructions under pressure. The standard test: they push a small amount through and see how cleanly it’s withdrawn and forwarded. If the recruit handles it well, the volume goes up.
Some operations issue prepaid SIM cards and shipped-in laptops to standardise the workflow. The recruit is told to use only the provided device for work, partly for OPSEC and partly to ensure the operator can monitor what the mule is doing.
What the money actually is
The money flowing through the mule’s account is almost always proceeds of fraud, BEC wires, tech-support scam payments, romance-scam victim transfers, occasionally ransom payments that have been converted to fiat already. Each transfer represents a victim somewhere who lost real money, often a sum that materially affected their life.
The mule never sees the victim. The mule sees a transfer arriving and an instruction to forward it. The framing makes it possible to participate without confronting the harm.
The legal exposure
Money mule work is felony money laundering in most jurisdictions. In the United States it carries up to 20 years in federal prison under 18 U.S.C. § 1956. The “I didn’t know” defence rarely works because the courts apply a “willful blindness” standard, if the deal looked too good to be true, the law assumes you should have known.
The downstream consequence beyond prosecution: lifetime banking ban, lifetime credit damage, immigration consequences for non-citizens, civil liability for the victim’s recovery. The mule’s small cut is repaid in years of life downstream.
Why the model keeps working
The supply of recruits doesn’t run out. There are always young people with empty accounts and a willingness to try a too-good offer once. Telegram makes recruitment friction approximately zero. Banks catch some of the activity but not all, and the cycle from recruitment to law enforcement action takes months, by which time the operator has moved on to the next batch of mules.
For the rest of us, the practical takeaway is education-shaped: if you know a young person who’s been offered “remote financial assistant” work, ask them to walk you through the details. The pattern is unmistakable once you’ve seen it. Catching it before they say yes is one of the few interventions that genuinely works.