In its simplest form, online banking fraud is a relatively straightforward process. Like all fraud chains, it can be split to main two parts: obtaining compromised credentials and cashout.
Obtaining victims’ credentials would typically include every element needed to login to the victim’s bank account (i.e. username, password, etc.). In order to acquire this information, a fraudster will set up a phishing or malware attack that will reach out to the intended victim via spam or a Trojan download. These attacks will then either get the victims to divulge their information or capture it from their machines. Once the information has been compromised, it is time to turn the data into money – by logging into the victim’s account and initiating a fraudulent transfer to a pre-obtained mule account. Upon receiving the funds (in case they do get through to the mule account and weren’t blocked en route), the mule cashes out the new funds from their bank account and sends the money to the fraudster (minus their share, of course).
Since the setup and skill set required for building a mule network are quite different from those required to for credential collection, most fraudsters focus on one specialty and meet in the underground to partner-up or trade services.