The IEEE online magazine Computing Now has the interesting article “Is Everything We Know about Password Stealing Wrong?”
The money mule’s role is to turn a traceable, reversible transaction into an untraceable, irreversible one. Using a stolen password, the thief transfers money (traceably and reversibly) to the mule’s account using, for example, online bill pay. On receipt, the mule sends this money (untraceably and irreversibly), minus a “commission,” to the thief. By using, for instance, Western Union for this transfer, the mule has made it irreversible and untraceable. By authorizing the withdrawal with a signature, the mule gives up any ability to repudiate. The mule has thus given up any consumer legal protections that he or she might have enjoyed. The mule accepts a bad transfer and initiates a good one.
Consider a fraudulent transfer of $9,000 from a compromised account. Using online bill pay, the thief sends $9,000 from the victim’s account to the mule. The mule sends $8,100 to the thief and keeps a $900 commission. Once fraud is discovered, the victim is reimbursed, and reversal is attempted from the mule account. Thus, before discovery, the victim, mule, and thief have gains of –$9,000, $900, and $8,100, respectively. After discovery and reimbursement, they have $0, –$8,100, and $8,100, respectively.
The moral of the story is that you are in less danger from having your password stolen at an ATM than from being talked into becoming a mule. Still, you’ll avoid hassle, if not loss of money, if you protect your password from theft.
As Kermit might say, “It is not easy being a mule.” Maybe it’s Eddie Murphy who would make that remark.