The professionalism of today’s cybercriminal organizations (in short: the scammers’ industry) correspond to the professionalism and procedures of legitimate big international corporations. Technology, development activities, human resources, accounting, finance, marketing, legal departments are carried out by different departments independently under the professional leadership of the management people hired by criminals. The primary aim of the activities of the employees of the criminal organizations is to get hold of the stolen life savings. Due to the thousands of millions involved in this business, an industry of enablers (Company builders, lawyers, banks, licensed and unlicensed payment service providers) has developed around these criminal organizations. These enablers enable, manage and launder the money flow in the scammers’ industry!
The scammers’ multi-layer approach for bank transfers
The scammers’ finance departments are mainly tasked with arranging the flow of money from the victims to the beneficial owners of the cybercriminal organizations while concealing the criminal origin and making it as difficult as possible to trace.
The more layers – both geographical and numbers of legal entities involved – are between the victims and the beneficial owners of the criminal organizations, the more advantageous for the fraudsters.
Anonymity non-transparency, made possible by complex corporate hierarchies using dozens of shell companies with straw men as directors and owners, increases law enforcement’s level of difficulty and makes it impossible to recover the stolen funds.
The first layer for the laundering of the illicit money
Boiler room employees – pretending to be experienced investment guys – instruct the victims to transfer their funds to bank accounts with reputable European banks. In most cases, these are bank accounts opened up by pure shell companies, whose only purpose is to collect and forward the collected investor funds as quickly as possible (first layer). Postbank/subsidiary of Deutsche Bank provided more than 90 bank accounts to shell companies for such collective actions.
Company builders set up shell companies with strawmen and bank accounts up front and sell them to organizations/people whose business model is to provide such collection points for fraud schemes (so-called payment service providers). After the acquisition, the shell companies are restaffed with other straw men (managing directors and owners/beneficial owners), primarily of Eastern European or Baltic origin. None of these shell companies employs staff, has an operational business model, or has actual business premises. Most importantly, these companies have no assets.
For online banking purposes, the strawmen hand over the power of attorneys with the contact details and telephone numbers of the people from the payment service providers. When everything is set, the investor funds are flowing into the account and are withdrawn resp—transferred out within days.
The lifetime of these collection accounts is usually limited to a few months. As soon as the first victims realize the fraud, they contact their bank and ask for reversal of the transferred amounts. The house banks are obliged to investigate, inform their correspondent banks about the suspected fraud, and flag identified fraud accounts. Within a few weeks, the bank accounts – mainly emptied beforehand – get closed, and the companies are dissolved months later for lack of assets. Civil lawsuits against these companies go nowhere.
To make these companies available and forward the collected funds, the payment service provider of this first level request up to a 3% commission from each transaction.
Additional layers for the money flow with European bank accounts
According to the scammers ‘ instructions, the stolen funds get transferred within days. The quicker the transfer takes place, the less risky. Part of the funds goes to some service providers like technology companies. However, most of the money flows to another layer of shell companies with European bank accounts, whereby care is taken to ensure that these bank accounts are held at another European bank and in another European country.
The second layer plays a vital role in the money-laundering system, as this is where the origin of the funds gets finally concealed. Fictitious loans, investments, marketing agreements, etc., are established by the finance departments to legalize the transfer of the funds from the first to the second and sometimes a third layer. These papers enable the finance departments to present appropriate documentation to the banks in case.
Money is shifted back and forth so that the criminal origin can no longer be traced.
Preferably, a third layer involves shell companies in another jurisdiction receiving the money and distributing it to various service providers, such as call centres, marketing agencies, etc. The remaining amounts are forwarded to a fourth level.
The shell companies of the third layer also show straw men as managing directors and shareholders. Here, however, powers of attorney for persons from the financial departments of the criminal organization are very often deposited for online banking.
Each additional layer represents a further washing cycle for the money. One of the principles of money laundering in this context is that the concealment becomes more successful with each washing cycle.
In most cases, integration occurs at the second layer, the origin of the funds can no longer be determined, and the “laundered” money is used as if it originated from legitimate business activities.
Starting with the second layer, various service providers already experienced personal enrichment and financed their lavish lifestyles, acquiring luxury watches, real estate, and high-end vehicles, among other things.
In the second and third levels, it is noticeable that the banks used are located in countries where experience has shown that there is little protection against money laundering (e.g. Bulgaria).
The fourth layer and the final destination point
After having paid off all service providers in the former layers, the money finally reaches the fourth level – these are again shell companies equipped with straw men as managing directors as beneficial owners. Often, however, the scammers administer these bank accounts themselves. Usually, these companies are located in non-European countries, driven by company builders, and have their bank accounts there.
At no time does money flow to officially designated operating companies of the online trading websites.
It is remarkable that no European bank involved grew suspicious about the transactions although many were sent in large, “round-Euro/dollar” amounts, a hallmark for money laundering. And although the criminal organisations move money in strange patterns, including sending funds up to 12 times in a single day
The money flow from credit/debit card payments
However, most deposits with scammers are made by using credit/debit ca ds. The smooth functioning of card deposits with the online marketplaces and the thus evident acceptance of the online marketplaces by licensed financial companies leads to a trust bonus by the retail investors. The possibility to pay by card and the associated trust in the fact that, as is known, payment institutions that are integrated into a card system have to fulfil legal requirements and are subject to supervision, make the retail investors trust in the legitimacy of the investments offered by any online marketplaces. Thus, the boiler room employees were explicitly requested to point out the cooperation with licensed payment service providers in case of emerging doubts of the potential victims.
Payment by card has many advantages for fraud companies. It is almost impossible for the victim to find out how the money flows in the credit card system, thereby massively reducing the need for concealment and complexity from the scammers’ side.
The credit card companies usually transfer the funds deposited by the victims’ banks directly from the collective account to the third-level accounts. The money-laundering effort is thus reduced by the involvement of licensed payment service providers in these fraud schemes. This reduction in complexity for the fraudsters is usually rewarded handsomely to the card companies working with scammers. With the usual interchange rate amounting to 0.5 to 0.75 per cent for legitimate transactions, the interchange fees charged by scam enablers like PAYVISION B.V. rise to 7% (compare the GPAY contract signed between BOOKER and GAL BARAK in July 2018).
Once the period has expired, the victim can request a chargeback of his deposits from his credit company. The risk of a claim against the card companies is shallow to date. Up to now, supervisory authorities do not care.
Card companies are very experienced in handling the high chargeback risk from high-risk processing merchants. Years of experience in transaction laundering and offering company builder services of its own considerably limit the risk.
Wilfully acting acquirers, like PAYVISION B.V., also perform additional tasks for the scammers. Like PAYVISION transferred a considerable part of the accumulated customer funds directly to the fourth level, i.e. to companies whose bank accounts are at the beneficial owners’ disposal. Uwe Lenhoff just asked for a favour from his excellent friend Rudolf BOOKER/CEO of Payvision B.V. (without any contractual relationship).
PAYVISION B.V. also made payouts to the credit/debit cards of the victims according to the instructions of BARAK and LENHOFF. The charm with this procedure was that even with these credits, tracing for the victims was only possible with the involvement of law enforcement agencies since credit card companies often invoke banking secrecy when victims request information.
When the beneficial owners like Gal BARAK and Uwe Lenhoff cash out the “laundered” funds via companies attributable to him – stolen from hundreds and thousands of European consumers – their origin is no longer traceable – at least for third parties. LENHOFF and Gal BARAK used the funds as if they originated from legitimate business activities. Both LENHOFF and BARAK loved a lavish lifestyle and acquired assets such as luxury cars, watches and high-end jewellery.