Direct answer
What is a mule route? A mule route is a payment or contact path used to move victims from phishing into fraud, such as an IBAN, phone number, wallet or messaging handle.
Beyond domains
Many platforms focus on URLs. Fraud teams also need IBANs, BICs, beneficiary patterns, phone numbers, messaging handles, QR payloads, wallets, payment references and repeated invoice templates.
Correlation value
The same IBAN, callback number, Telegram handle or wallet can connect campaigns that use different domains or brands. This creates a fraud route graph rather than a flat IOC list.
Safety and evidence
PhishNet treats mule routes as review candidates unless repeated, corroborated, archived or analyst-confirmed. Sensitive evidence stays controlled while exports include provenance and confidence.
How PhishNet uses this
Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.
Selected sources and research
These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.
Common questions
What is a mule route?
A mule route is a payment or contact path used to move victims from phishing into fraud, such as an IBAN, phone number, wallet or messaging handle.
Why are mule routes useful?
They reveal monetization and reuse patterns that domain-only feeds often miss.