It reads like a simple project management list — transfer specific amounts of money using three steps to three people in the Ukraine from three different Western Union locations — under the services title of “IT Outsourcing”.

Krebs has posted an interesting detail from the case last week where $600,000 was stolen in Brigantine, NJ

Below is a screen shot of the alert the Forte Group sent Tharp on the day of the Brigantine breach. Click the image for a larger version.

Kudos to Krebs for publishing it for discussion. The full image on Krebs’ site is said to be from a woman who said she recognized the scam and backed out.

Tharp, who recently lost her job as a buyer for a local automotive supplier, said she figured out the job was a money laundering scam several days before the Brigantine robbery, and closed the bank account she had given her erstwhile employers. But she said the thieves still tried to transfer her $7,394 of the city’s money on Sept. 29. Tharp said she confirmed with her bank that the thieves never managed to deposit the stolen funds.

The instructions have broken English and other inconsistencies. Note, for example:

“Your commision [sic] rate: 0%” and “Your commision [sic] for this task: 0 USD”. However, step two says “Western Union/Money Gram fees along with all other costs, such as bank fees, transportation costs and so on are paid by you and are deducted from your commission.”

The urgency of the request is interesting as well: “As you know our goal is to provide immediate payment service that’s we ask you to complete this task within 1-2 hours. Is it possible?”

The language and style fits within the social engineering study and linguistic analysis we have developed and presented at conferences over the past seven years. Those who have attended our session would immediately have spotted the signs of fraud. It also is further evidence that an automated application of our research will be useful to detect and stop fraud beyond AFF or 419 scams.