A few weeks ago I came across several email messages in Spanish purporting to have been sent by Western Union:
As you can see, this is a typical message sent as spam that we have seen in many guises. It tries to pass itself off as some kind of official notification from well-known companies -anyone from UPS to Apple or even Panda- with the real aim of trying to trick users into running the attached file. However, this time when I saw the message I couldn’t help but smile.
Why? Because I thought there was a certain irony about the message claiming to have been sent by Western Union, a company used by virtually all cyber-criminals. Should we be pointing an accusatory finger at companies like Western Union? There are those who would argue that this is like criminalizing the Internet just because there are users that abuse its services. Fair enough.
But if Western Union is just like any other company, why is it used so insistently by criminals? In practically all the cases I’ve seen of money being stolen from bank accounts (and I can assure you there have been many), the system that criminals ask the money-mules to use to send them the stolen money is Western Union. This system allows the money to be sent anonymously, so that the police cannot follow the trail.
It is an embarrassment that there are companies that allow this. Western Union knows full well that criminals use its services for these types of transfers, but what is it doing about it? Posting warnings on its website:
Out of morbid curiosity, I’ve been looking at the pages of Western Union in other countries, perhaps they had forgotten 
to post warnings on the websites in Russia or the Ukraine 😉 but no, it’s there on all of them. When you click on the link, there is advice and examples of scams and phishing.
Apparently, it is concerned about the fraud that exists (even though it continues to make money from the criminals). So why don’t criminals use other companies? In fact, they do. When they don’t use Western Union they use Moneygram, which operates just as “effectively” as Western Union.
There are other more popular systems for sending money, such as PayPal. So why don’t they use companies like PayPal? This is a payment platform widely used around the world, in fact it can be used in 194 countries (its distribution reaches even further than Mariposa 😉 ) yet criminals do not use it for these types of transfers. Let’s have a look at the webpage:
Not a single warning. It would seem that they don’t have this problem, but why is that? The fact is that PayPal accounts have to be associated to a bank account, and so any crimes committed are easily traceable. So even if someone fakes their identity on PayPal, it’s not so easy to do the same with a bank account. Western Union, on the other hand, has agents all around the world, so you can go and physically collect your money in cash without having to provide your bank details. Obviously you have to identify yourself, although it would seem that the methods used leave much to be desired.
In order to find some answers to these questions I used one of the secret tools that we have in the laboratory: the Internet 😉
In an interesting interview with some Nigerian scammers, they all claimed to prefer using Western Union or Moneygram, explaining:
(We prefer) Western Union Money Transfer service centre, this is because the Western Union agents themselves are all in the game so you can claim your money with fake identity and they just collect 5% from you for themselves and that’s all.
In fact, the eBay online auction site has forbidden the use of Western Union. On its Web page you can see the following advice to users regarding making safe transactions:
So how do cash transfers work with Western Union? When you send money you have to give the details of the recipient, including name and address. They give you a MTCN (Money Transfer Control Number). Whoever collects the money 
only has to provide the MTCN and the name of the person who has sent it. That’s all. In addition there are different agencies in each country that act as franchises, making it easy for criminals to find someone bribable. Evidently, if it is true that there are bribes, this is not really to an employee of Western Union, but to an employee of the franchise. Bear in mind that many of these franchises are local operations also involved in other business, and they provide the Western Union service as a sideline.
In any event, Western Union is surely aware that this is one of the weak links in the chain and is easily abused by criminals, and they will surely take measures to verify the integrity of their agents. At least that’s what any normal-thinking person would assume. So let’s look at how this commitment to the fight against crime works in practice:
Having got this far, the only question left is: What can be done? Firstly, as a responsible user with a commitment to the fight against crime, I’ve no intention of allowing a company which in my point of view is irresponsible to profit at my 
expense. But this is just a drop in the ocean, I don’t believe my mafia “friends” will stop using Western Union because I don’t use it, they might follow me on Twitter, but that’s about all 😉
Secondly, we have to demand Western Union to change the way the do business, forcing any user that wants to receive money to give his bank account (as PayPal does). And this is not something only to be done by Western Union, but by any other similar company, such as Moneygram.
Even if we could achieve something like this, we wouldn’t bring an end to cybercrime (I wish it were so easy), but it would be another small step along the way. Criminals would have another obstacle in their way and would have to look for alternatives, while we continue to hunt them down 🙂
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
13 comments
Two issues with your prosed solution of forcing Western Union to request bank account numbers.
1. Do you really trust Western Union or its authorized agents not abuse bank account information? All you need to make a ACH transaction is a number. Considering how easy it is to become a WU agent, entrusting them with anything that is personally identifiable is asking for even more crime.
2. A lot of Western Union customers do not have bank accounts, or even government issued ID for that matter. Remember WU is a global company with customers all over the world, most users of the service are of a lower income stature in countries that may not even issue government ID to its citizens.
There is a bigger issue: is Western Union going to do anything about this, even if they know all of this is true? No, they won’t, they are making a lot of money with this. The best thing would be that governments force these companies to take the kind of measures proposed. Maybe too idealistic 😉
Patetic research mate…. go deep.
Netkairo, long time no see! No need to change your name, we know who you are 😉
You can find out how Western Union scams here http://www.westernunion-no.nonkok.net/
Awesome, thanks for the link Mikhail.
POR DIOS NO SEAN PENDEJOS Y NO CAIGAN EN ESAS TRAMPAS NADIE SE GANA LA LOTERIA NADIE TE VA A MANDAR UN CACHORRO NADIE TE VENDE UN PISO ,NO TE VAN A MANDAR EQUIPO ELECTRONICO DESDE AFRICA POR DIOS PERDON QUE LO DIGA PERO EN AFRICA ,COMO SI VIVES EN ESPAÑA EN UN PAIS DE PRIMER MUNDO QUE CHINGADOS VAS A COMPRAR COSAS FUERA DE TU PAIS NO SEAS IDIOTA,WESTERN UNION SOLO TE PRESTA EL SERVICIO DE ENVIO DE DINERO LEE TU CONTRATO (FORMATO DE ENVIO) QUE FIRMAS AL HACER EL ENVIO WU NO SE HACE RESPONSABLE SOBRE EL MOTIVO DE LA TRANSFERENCIA,A WU NO LE IMPORTA SI VAS A COMPRAR ALGO SI TE PROMETIERON UNA PROSTITUTA O LO QUE TU QUIERAS ,SOLO MANDAMOS TU DINERO A OTRO PAIS SI TU DAS EL MTCN LO PUEDEN COBRAR,(EN ALGUNOS PAISES NO ES NECESARIO ESTE NUMERO)SABEN TU NOMBRE SABEN DESDE DONDE LO ENVIAS CUANTO ENVIASTE SABEN TODO ESTAS PERSONAS A ESO SE DEDICAN,LAMENTABLEMENTE TIENE CONTACTOS DENTRO DE PUNTOS DE VENTA DE WU QUE SON SUS COMPLICEN,HASTA TU LO HARIAS NO DIGAS QUE NO,NO RECLAMEN A WU,WESTERN UNION NO TIENE LA CULPA QUE USTEDES SEAN PENDEJOS Y SE CREAN QUE UNA PERSONA A MILLONES DE KMS LES VA A MANDAR UN PERRO,COMPRASELO AL VECINO,QUE EL PERRO TIENE DOS CABEZAS O LADRA EN OTRO IDIOMA, PORFAVOR EVITEN ESTAS SITUACIONES LAMENTABLE MENTE ME A TOCADO ESCUCHAR CLIENTES LLORANDO LLAMANDOME PARA RECLAMARME QUE LES DEVOLVAMOS SU DINERO,COMO SE LO DEVUELVO SI EL MISMO SE PRESTO A ESE FRAUDE,WU SOLO CUMPLE CON EL PROPOSITO QUE TIENE LA EMPRESA ENVIAR DINERO,
POR SU ATENCION
GRACIAS
G’Day! Pandalabs,
Maybe a little off topic, however, My friend is currently backpacking around Asia, I recieved an email from him today which was very brief, he said he had got into some bother and needs money quickly, he asked me to send him some money via Western Union and that I must not tell his parents or his sister, all very mysterious but he said he would explain and give back my money when he gets back in October.
Anyway, I’m happy to send the money but I’v got no idea what Western Union is or how I would send money to him using it.
Can somebody please explain it to me?
Thanks!
Good Job!
Someone has hacked your friend account, and the cybercriminal is trying to rip his friends off… Talk to your friend using a different mean (phone) to confirm this is the case.
I went to bank to retrieve my money sent through Western Union and I was told my money has already been picked up, I want to know the location that picked it up?
Hello, we are sorry to hear about your problem. Contact us here and we will do our best to help: https://www.pandasecurity.com/en/homeusers/support/contact.html?lng=2
Well, I had a “supposed” loan company send me a check that was fake, but my bank cashed it, whereas, a week before they denied a check that was fake, well I got a money order at Western Union and sent the money to the “intended” recipient in another country. Needless to say I didn’t get the loan money and I got screwed by my bank for the check, which they took my next check as payment,wouldn’t the bank be held responsible for cashing the check? My account got closed and kicked out of the bank. I still got all the wire transfer docs and the texts from so called “loan agent”, also pics of the checks.