An anonymous reader writes: Our examination of mules has interesting implications. First, it suggests that it is not the victims of phishing and keylogging that lose money but money mules. Second, mule recruitment is the major bottleneck in the fraud pipeline: without them stolen credentials are worth little. Third, this explains why credentials sell for small fractions of their face value; i.e. there is an insufficient supply of mules to drain the number of compromised accounts. Finally, it shows there is no shortage of compromised accounts. Thus a reduction in the rate of account compromise will not reduce fraud at all, at least until account compromise is at a level small enough that it becomes the bottleneck. The only effective way to reduce online fraud is by making mule recruitment even harder.