Under the CAN-SPAM act, a California jury has convicted Jeffrey Brett Goodin for the phishing attack he orchestrated against AOL (America Online) users.
He was also found guilty by the jury of other charges including possession of illegally obtained credit cards, wire fraud, failure to appear and witness harassment. He sounds like a real doofus.
To unleash his attack, he used compromised Earthlink accounts (probably compromised because the account owner did not create a secure password or was not careful with it). He then sent out emails to AOL users that appeared to be from AOL’s billing department. The users were told that they needed to update their account information and “click this link” to do so.
When the user followed the requests of the email, they were directed to sited that Goodin controlled and had made to appear to be legitimate AOL sites. The unsuspecting user then happily entered their credit card information, which Goodin then used to make unauthorized charges.
The 46 year old Goodin faces more than 100 years in prison. But, with good behavior, he will probably only serve half of that ;).