2008-09-01
Abstract
Phisher goes down for seven years; youngster involved in scam escapes jail.
Copyright © 2008 Virus Bulletin
A man who masterminded a phishing scam targeting AOL users over a four-year period has been found guilty of fraud and aggravated identity theft and sentenced to a total of seven years in prison, followed by three years of supervised release.
According to prosecutors Michael Dolan ran a scam in which he and five accomplices harvested thousands of AOL customers’ email addresses, then infected victims’ PCs with malicious software that would prevent them from logging on to AOL without entering their credit card number, bank account number and other personal information. Victims typically received a fake greetings card email containing a link which, when opened, installed the malicious package.
The defence team requested a lighter sentence, pleading mental illness on Dolan’s part and arguing that fewer than 50 victims had fallen for the scam, with losses totalling around $43,000. However, according to Assistant US Attorney Edward Chang, Dolan had previously revealed that the scam had yielded $400,000 from at least 250 victims. What’s more, Dolan had attempted to bribe a co-defendant, threatened to kill someone he thought was a government informant, and suborned his girlfriend to commit perjury – sounding like a fairly nasty piece of work in general.
Meanwhile, a young Lithuanian man recently managed to avoid a prison sentence in the UK after being found guilty of involvement in a phishing scam. Ronaldas Janusevicius, aged 18, was found to have been involved in a scam in which one victim received a phishing email claiming to come from Lloyds TSB bank. The email requested that the victim update his online banking credentials and the next he knew £9,000 had been stolen from his account.
Despite the £9,000 having ended up in Janusevicius’s bank account, he claimed not to have been responsible for sending the email or obtaining the victim’s account details. In fact, Janusevicius had given his own bank account details to an unknown man who had transferred the victim’s money into Janusevicius’s account, thus successfully covering his own tracks and leaving the young man firmly in the frame.
Luckily for Janusevicius the court acknowledged that he was not wholly responsible for the scam and ordered him to complete 100 hours of unpaid work as part of a 12-month community order, on top of paying £603 to the bank and £75 costs.
