Six charged for phishing, spamming AOL users

News by Dan Kaplan

Six men have been indicted on charges they spearheaded a phishing and spamming operation that targeted thousands of AOL users by installing malicious software and requesting private information, the U.S. Attorney's Office in Connecticut announced Wednesday.

Six men have been indicted on charges they spearheaded a phishing and spamming operation that targeted thousands of AOL users by installing malicious software and requesting private information, the U.S. Attorney's Office in Connecticut announced Wednesday.

The 12-count indictment charges Michael Dolan, 22, of North Miami Beach, Fla.; Charlie Blount Jr., 22, of Branford, Conn., Keith Riedel, 20, of Winter Haven, Fla. and Richard D'Andrea, 22, Thomas Taylor, 20 and Daniel Mascia, 22, of West Haven, Conn. with operating an elaborate scheme to steal credit card information from unsuspecting AOL subscribers.

According to the indictment, the defendants used software to harvest thousands of AOL member names and email addresses from the internet. They then spammed messages to the AOL accountholders from 2004 to earlier this year.

In one approach, the emails told recipients they had to update their credit card information - or risk losing access to the service.

"We apologize for the inconvenience, but due to a central server meltdown your credit card information was lost," read part of the spam. "In order to enjoy your AOL experience and keep your account active, you must enter your credit card information within 24 hours of receiving this e-mail."

In another approach, the spammers sent out messages that appeared to come not from AOL but another company, such as an e-greeting service, according to the indictment.

Subscribers infected their own PCs by clicking on links within the emails. When subscribers later attempted to sign on to AOL, they would be redirected to a page asking they update their personal and financial information.

At first, Dolan and Blount used the fraudulently obtained information to purchase merchandise on the internet, such as gaming consoles, laptops and gift cards, according to the indictment. Then, the defendants got craftier: They produced counterfeit debit cards using the stolen information.

The indictment did not state what led to the arrests. Tom Carson, a spokesman for U.S. Attorney's Office in Connecticut would only say today that the West Haven Police Department was "instrumental" in the investigation.

AOL spokeswoman Lisa Gibby said today that the internet service provider is pleased with the news of the indictment, especially considering how sophisticated the scam was. She said AOL remains "committed" to working with law enforcement to put "spammers, scammers and phishers behind bars."

Blount, D'Andrea and Taylor each pleaded guilty on Wednesday to one count of conspiracy to commit fraud in connection with access devices. D'Andrea and Taylor also pleaded guilty to one count each of identity theft. The three men are scheduled to be sentenced in December.

Dolan, now in prison for violating his probation from a prior conviction for accessing a computer without authorization, was charged with two counts of fraud in connection with access devices and one count each of conspiracy to commit fraud in connection with access devices, aggravated identity theft and aiding and abetting fraud in connection with access devices.

Mascia was charged with one count of conspiracy to commit fraud in connection with access devices and one count of fraud in connection with electronic mail. He was scheduled to be arraigned today. Riedel was charged with one count of conspiracy to commit fraud in connection with access devices. His arraignment has not yet been scheduled.

If convicted, the defendants face up to 15 years in prison for fraud in connection with access devices and aiding and abetting fraud in connection with access devices, 7 and a half years in prison for charges of conspiracy to commit fraud in connection with access devices and up to five years in prison for fraud in connection with electronic mail.

Aggravated identity theft carries a mandatory two-year prison sentence.

"With the full cooperation of federal, state and local law enforcement, we will use the breadth of federal law to vigorously investigate and prosecute internet identity thieves," U.S. Attorney Kevin O'Connor said in a statement. "These are insidious crimes that wreak havoc on the lives of victims, and we will seek strict terms of imprisonment."

 Click here to email Dan Kaplan.

Topics:

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events