Go and look up the concept of money mules. Fraudsters don't need to setup bank accounts, they either buy bank accounts off people for £50, or convince people to move the money on their behalf by claiming they're doing an "accounting" job that involves large money movements, and the mule will get paid a percentage.

Most people don't realise what these accounts are used for, or just don't care because they're paid enough to look the other way. Then stolen funds are quickly moved across dozens of banks, with the money being split and re-combined with potentially legitimate money. Eventually the administrative overhead of tracking the money gets so great that no one bank can be bothered to do anything about, and the police aren't interested in actually investigating. The end result is that once the stolen money if a dozen or so bank accounts away from the victim, it's extremely unlikely that anyone is actually going to trace the money to that account, effectively making the money clean.

You see ads on instagram offering to buy or borrow your bank account for £50... and when they're used for muling guess who it is that gets their account banned and then a CIFAS marker ensuring they can't bank anywhere else? The desperate kid who needed the money, not the actual criminals behind it.

Yet another reason for regulating advertising. Why are these platforms not held liable as accomplices? I can't think of any legitimate reason for an ad to buy/rent someone's bank account.

At least in my experience these aren’t official ads. It’s random sketchy people posting about “business opportunities” with stacks of cash or whatever.

Acting as a mule for money laundering is a crime. They are criminals. They might be young, but the majority of them know they are doing something wrong.

I'm not suggesting they aren't criminals. But there is a spectrum of criminality and I am suggesting they are considerably less so than the leaders of the fraud ring.

These ads are deliberately designed to prey on the desperate, unfortunate or the technically illiterate.

Some of them probably know exactly what they're doing and I have no sympathy, but some of them probably fall into the same category as people falling for Authorised Push Payment fraud.

Isn’t that true for all types of crime?

In the worst cases the accepted practice can be as severe as locking them up and throw the key away, even if it was totally unintentional.

Like a drunk driver plowing into a group of school children, or a ship captain that sinks a cruise ship while distracted.

Having extra scrutiny imposed on future banking activity is a minor punishment for a minor crime.

> What's always missing from stories like this is how the crooks get the money out.

It is in the article:

The fraudsters had told her to shift her "at risk" cash to an account on a cryptocurrency platform that they emptied - while isolating her from family by stressing secrecy and coaching her on how to respond to sceptical bank officials. "They knew the name of my financial adviser, they were utterly convincing as FCA staff," she said. "And they told me I could not tell anyone about the investigation as it would damage their efforts to catch the crooks."

Granted that in this case it was a cryptocurrency account, but I've seen dozens of articles like this over the years in which cryptocurrency was not mentioned or didn't even exist yet.

> What's always missing from stories like this is how the crooks get the money out. Considering that all Western governments have achieved total surveillance on our banking and made it impossible to have anonymous bank accounts, I'd like to see a detailed analysis about why they can't follow the money and see who gets it.

It's not really like this. Banks (and Western) governments are extremely meticulous about recording financial transactions, but have relatively few systems for actually retrieving that information for proactive law enforcement. There are large historical and technical barriers that prevent meaningful advances in the government's ability to surveil bank accounts in real time.

As just one example: interbank settlement over ACH is measured in days, not seconds or even hours. During settlement, anything can happen: the ODFI might try to claw the transaction back, either institution can go bankrupt, the destination account might close, etc. A human frequently intervenes to handle these cases. Banking is eventually consistent, but the fraudster is frequently long gone by that point.

Edit: it's also worth noting that "anonymous" (read: numbered) banking is also really only good for Doing Crime (and Having Crime Done to You). But plenty of countries, including the US, allow you to open bank accounts (and do debit transactions) without an official government ID.

Scenario 3: Unsuspecting people are recruited to get "Bitcoin management operator" jobs, where they receive funds on their account, buy bitcoin with said funds and send the coins over.

In the past, the same mules were sending Western money transfers or similar, but nowadays cryptos are so handy most criminals have migrated to it.

After a few months the cops usually come knocking, and depending on the jurisdiction, the poor mule is hit with fine/jailtime and/or the debt

Or what about Nigeria and India based scam artists ripping off thousands and thousands of elderly Americans on a daily basis? I think in India it’s turned into an entire industry by now. Is there really nothing American law enforcement can do about it or are they just asleep at the wheel?

US authorities pass leads to Indian/Nigerian authorities which are paid off to do nothing.

It's well documented that a lot of this money goes out of the country by transferring it to a 'mule' with a bank account in the UK, who think they are doing something innocuous. They transfer it to the scammers either via cryptocurrency (basically untraceable) or previously, via an international money transfer service such as Western Union. The latter is also pretty much untraceable. You can pick up money anywhere in the world from these services with some ID. They don't need your address or to really check you are who you say you are, they just want to make sure you have the same name as the one the sender referenced.

Unless the destination country, the destination Western Union office and the person who picked up the money are all willing and able to co-operate, law enforcement in the source country is pretty much stuck.

> doing something innocuous. They transfer it to the scammers either via cryptocurrency

Whoah. Do you mean there are people that think cryptocurrency is "inoccuous"? I mean, I know there are inoccuous uses; but if someone "official" tells you to use a cryptocurrency account, that is very definitely occuous.

Sorry for replying to self.

TIL: I have been spelling "innocuous" wrong since forever. It's apparently the negating prefix "in-", and the Latin word "nocere" (to harm).

So I should have quipped "that is very definitely nocuous". Or not quipped at all.

I know in the USA it is possible to open accounts online only, and when you are online only well it's not a far hop to give a digitally manipulated ID photo, if they ask for one at all. Plus all the info needed to open bank accounts has been breached and released 100 times over at this point.

>Considering that all Western governments have achieved total surveillance on our banking

You're so far away from the truth. Basically, they have flashlight and they are in dark forest. You can theoretically find what you want, but it's fairly unlikely and very time consuming.

> Considering that all Western governments have achieved total surveillance on our banking

> and made it impossible to have anonymous bank accounts,

These are not the same things, as anyone who works in logging and tracking will tell you. Just because there is some tracking of you, or an ability to track you does not mean that all activity could be noted or flagged. If I purchase from a new online vendor, how would my bank know if it was me or not?

There are organizations creating thousands of bank accounts to cash out transactions like this for a percentage. They use fake IDs, there’s no way to stop them.

Catching the people opening the accounts leads you to nowhere, they rarely even know their bosses.

There is a way to catch fake IDs besides ML and MRZ parsing, but this would require govt to allow banks to use their ID database.

Never gonna happen internationally. We barely managed to push through cryptographically signed passports after 9/11, and even those aren’t very well adopted (you will never face issues if your passport has a “faulty” chip)