In the US's first jury conviction under its anti-spam legislation – the CAN-SPAM Act of 2003 – a California man has been convicted of operating a "sophisticated" phishing scam.
Jeffrey Goodin was found guilty of sending thousands of E-mails to America Online (AOL) users purporting to be from AOL's billing department and which prompted customers to send personal and credit card information. Goodin then used this information to make unauthorised purchases.
The jury found that Goodin operated an Internet-based scheme designed to obtain peronal and credit card information by tricking people into believing that they were providing information to a legitimate business.
The evidence presented during the week-long trial showed that Goodin used several compromised Earthlink accounts to send E-mails to AOL users. These E-mails appeared to be from the company's billing department and urged users to "update" their AOL billing information or lose service
The E-mails referred the customers to one of several Web pages where the victims could input their personal and credit information. Goodin controlled these Web pages, where he collected the information which allowed him and others to make unauthorised charges on the AOL users' credit or debit cards.
In addition to the CAN-SPAM Act conviction, Goodin was also convicted on 10 other counts including wire fraud, aiding and abetting the unauthorised use of an access device (credit card), possession of more than 15 unauthorised access devices, misuse of the AOL trademark, attempted witness harassment and failure to appear in court.
Goodin is scheduled to be sentenced on 11 June and faces a maximum sentence of 101 years.