Jeffrey Brett Goodin, 47, of California, was sentenced to 70 months in prison by United States District Judge Christina A. Snyder in Los Angeles. He was originally found guilty on 12 January of CAN-SPAM violations for sending thousands of phishing e-mails appearing to be from
America Online's billing department in an attempt to steal users' personal information.
In addition, Judge Snyder ordered Goodin to pay US$1,002,885.58 to the victims of his phishing scheme. That total includes nearly US$1 million to
Earthlink, his ISP, to cover the costs for detecting and combating his online fraud scam, the
U.S. Attorney's Office in Los Angeles said.
Goodin's emails asked AOL customers to update their personal and credit card information on phony AOL websites under Goodin's control. He then used the victims' personal and credit card information to make unauthorised purchases.
"It's great news [Goodin] was caught and is going away for while," said Sam Masiello, director of
MX Logic's threat management team. "But in the end, it's not going to have impact overall" in the battle to control online fraud.
The online fraud problem won't go away until "users have become more educated -- they're the weakest link in chain," he added. "They have a feeling that their operating system and anti-virus products will protect them, but that's not true.
"It's important that users know what are legitimate websites, that they don't open attachments and links they get from people they don't know," Masiello explained.
"This is email 'security 101,' but it needs to be repeated over and over because people are still clicking links and getting infected with keyloggers and screen scrapers," which capture and forward personal information on log-on screens appearing on a user's computer monitor.
He added that "while there's no 100 per cent guarantee that users won't get infected, using a firewall that monitors and blocks outbound traffic" can significantly mitigate the problem.
In addition to the CAN-SPAM conviction, Goodin was sentenced on 10 other counts. These included wire fraud, aiding and abetting the unauthorised use of a credit card, possessing more that 15 unauthorised access devices (credit cards), aggravated identity theft, misusing the AOL trademark, attempted witness harassment and failing to appear in court.
The attempted witness harassment charge came after Goodin was indicted on federal charges in the phishing scheme.
The US Attorney's Office said Goodin harassed an individual who had cooperated with authorities by posting intimidating messages to a website commemorating the death of the cooperator's sister.