20 March 2025
Police Investigations Into Financial-Economic Cybercriminal Networks: The Experiences and Perceptions of Dutch Law Enforcement
Police Investigations into Financial-Economic Cybercriminal Networks: Insights from Dutch Law Enforcement
Understanding the Challenge of Cybercrime and Money Mules
Cybercrime, particularly financial-economic cybercrime, is a rapidly growing threat globally, with millions of victims suffering significant financial losses. In the Netherlands alone, over two million people fell victim to cybercrime in recent years, with damages running into hundreds of millions of euros. Among these crimes, online fraud dominates, and a key component enabling these offenses is the use of money mules — individuals who allow their bank accounts to be used to launder stolen funds. A recent study by Bekkers, Leukfeldt, and Kleemans (2025) sheds light on how Dutch law enforcement experiences and perceives investigations into cybercriminal networks that rely on money mules. Their work reveals the complexities and challenges police face in tackling these networks, and highlights opportunities for improving responses to this form of cybercrime.
The Nature of Financial-Economic Cybercriminal Networks
Financial-economic cybercriminal networks are often locally embedded groups composed of core members who orchestrate crimes and peripheral individuals performing specific roles. These networks are not faceless or entirely virtual; many members share social ties and operate within familiar neighborhoods. Money mules serve as crucial intermediaries in these networks by facilitating the transfer and withdrawal of illegally obtained money, usually without fully understanding the criminal context.
Common offenses involving money mules include phishing, bank helpdesk fraud (where offenders impersonate bank staff to deceive victims), online consumer fraud, and friend-in-need fraud (where offenders impersonate acquaintances to solicit money). While some forms like phishing have become less frequent due to improved detection, bank helpdesk fraud currently dominates police efforts due to its significant financial impact.
Investigative Approaches: Top-Down vs. Bottom-Up
The study identifies two main investigative strategies used by Dutch police:
-
Bottom-Up Approach: Investigations start with identified money mules. Although this is often the initial point of contact, it rarely leads to uncovering higher-level criminals because money mules usually know little or refuse to cooperate.
-
Top-Down Approach: This proactive strategy targets higher layers of the criminal network using digital traces such as IP addresses, phone numbers, crypto wallet data, and social media communications. It relies heavily on technical expertise and inter-agency cooperation.
Respondents agree that the top-down approach tends to be more effective in mapping criminal networks. However, it is resource-intensive and requires specialized knowledge often lacking in local police teams. There is also an emphasis on real-time interventions such as catching offenders in the act at locations like hotels serving as temporary call centers.
Challenges Faced by Local Police and the Need for Cooperation
Local police units often struggle with cybercrime investigations due to limited capacity, lack of specialized knowledge, and low prioritization compared to conventional crimes. Information sharing between local teams is inadequate, although criminal networks operate across regions. The study highlights the importance of strong local government involvement and better coordination within law enforcement to address this gap.
Moreover, public-private cooperation is essential. Banks and other private companies hold critical data that can aid investigations but face legal restrictions on sharing information with police. Increasingly, offenders use foreign bank accounts and online-only banks with lax identification requirements, complicating law enforcement efforts due to slow or absent international cooperation.
Alternative Interventions and Prosecution Strategies
Regarding prosecution, the study finds a preference among law enforcement respondents for alternative interventions over criminal prosecution for money mules. Many money mules are vulnerable individuals who may not have acted with full intent or knowledge of their role in crime. Methods like “knock-and-talk” — where police warn suspects informally — are viewed positively for reducing recidivism and helping differentiate between victims and offenders.
Criminal prosecution tends to focus on higher-level offenders who orchestrate these crimes, often resulting in prison sentences. However, repeat offenses suggest that harsh punishments alone may not deter these criminals. Civil law procedures are also increasingly used to recover stolen money from account holders but raise concerns about fairness and long-term consequences for money mules.
Conclusions and Implications for Policy and Practice
The study by Bekkers et al. underscores that while Dutch police are making efforts to combat financial-economic cybercrime involving money mules, significant obstacles remain. Effective investigation requires strengthening both top-down and bottom-up approaches, improving local police capacity and knowledge, enhancing cooperation across agencies and with private sectors, and carefully balancing punitive measures with alternative interventions.
Cybercriminal networks are adaptive, shifting operations internationally and exploiting technological loopholes. Future strategies must therefore include evaluation of alternative methods like knock-and-talk and civil procedures, alongside traditional law enforcement actions.
Overall, a combined approach that integrates prevention, disruption, investigation, prosecution, and collaboration holds promise for better tackling the complex issue of financial-economic cybercrime.
