Michael Dolan, 24, was sentenced yesterday to seven years in prison for fraud and aggravated identity theft for a four-year string of phishing activity on AOL. Dolan crafted a series of elaborate phishing scams in an effort to scam thousands of users out of money. Detailed below is an example of one such scam.
A large number of AOL subscribers received this scam right at the peak of when AOL was promoting their Safety & Security Center (obsolete, thankfully):
The components of this scam were genius — it used very consistent AOL branding and it literally prevented users from accessing AOL. After the data was entered, it was saved on the hard drive; then, when the Internet connection was reestablished, it was transmitted to an undisclosed location somewhere in the world. This was one of the phishing scams that Dolan ran when he was free from incarceration. This one was delivered in the form of a “picture” attachment that was sent to AOL Chat users in an effort to establish enough rapport and trust for them to open the attachment.
Now, why anyone would enter their driver’s license number and social security number is beyond me; nonetheless, many people did it believing that AOL needed to have that information.
I guess no one ever told Dolan that when there is identity theft on a grand level, the Secret Service, FBI and Department of Homeland Security are very interested and are more than willing to revoke your civil rights. Actually, they didn’t in this instance — the Department of Justice uses this as PR to remind us they are protecting the American people from fraud and deception.
Phishing AOL users is easy and very lucrative. If AOL legitimately wanted to secure their users, they would educate them on how to read e-mail headers, explain why the “From” header can’t be trusted, and let them know that downloads should not be executed if they are from someone they don’t know. But they don’t. They reinforce ignorance with ignorance out of fear of “bad press,” instead of actually educating their users.
Phishing on AOL is effective — AOL users have the highest clickthrough rate and the highest action rate of any ISP out there. Why? As long as users feel out of control, they will always trust what comes into their inbox and, inherently, what pops up on their screen.
Are AOL users safer now? No. For every one phisher that goes down, there are five others to replace him. Now, at this point, AOL is powerless because phishers are moving towards anonymous botnets to slang their scams. All one can do is pray that the AOL spam filters are strong enough to determine that the IP reputations of Romania and Russia are low enough to tag their messages as spam.
Knowledge is power, and in this case, educating people on the dynamics of phishing will help them avert being scammed in the future. In a nutshell, these tips are:
- Don’t be greedy. Nothing is for free in e-mail.
- Your account will never be shut down via e-mail.
- PayPal and eBay will address you with your first and last name.
- Money orders + E-mail == very bad times.
- Add senders that you trust to your address book so you continue to receive their e-mail.
- Know the practical tips when using e-mail; AOL has a good list of them.
So what do you think — is 7 years appropriate for phishing in Club Fed?
[Found via Google Alerts]