The Internet Crime Complaint Center (IC3) collects reports of internet crime from victims. IC3's recovery asset team then assists in freezing accounts to recover hundreds of thousands of dollars for victims of the diverted wire transfer scam.
One of the many tools IC3's recovery asset team deploys is a "kill chain" to halt the transfer of funds from multiple accounts until the funds can be sent out of the country. The time frame for executing the kill chain is 48-72 hours.
Criminals perpetrating the diverted wire transfer scam recruit money mules to open accounts to receive illegally diverted wire transfers. A money mule is someone who transfers or moves illegally acquired money on behalf of someone else. Money mules add layers of distance between crime victims and criminals.
Money mules can move funds in various ways, including through bank accounts, cashier's checks and virtual currency. Recently, cyber thieves started convincing their money mules to convert the dollars stolen in a diverted wire transfer scam to cryptocurrency.
After the dollars are converted to cryptocurrency, they are put in a tumbler. A cryptocurrency tumbler is a service that mixes potentially identifiable funds with others, so as to obscure the trail back to the fund's original source.
A cryptocurrency tumbler service pools together source funds from multiple inputs for a large and random period of time and then spits them back out to destination addresses. As all the funds are lumped together and then distributed at random times, it is difficult to trace specific coins.
This is all done to decrease the effectiveness of the kill chain by reducing the time the kill chain can restrict further movement of illegally acquired funds from 48-72 hours down to 12-24 hours. It means victims must act FAST and have an incident response plan in place to have any chance of recovering illegally diverted funds.