Tech Time Warp: First CAN-SPAM conviction snares a phisher

Tech Time Warp

Tech Time Warp

Most of us have experienced that horrible, sinking feeling that comes with being tricked or nearly tricked by a phishing email. According to the Cybersecurity & Infrastructure Security Agency, one of the organizations behind the 20th annual Cybersecurity Awareness Month, phishing schemes have gotten more convincing thanks to the rise of artificial intelligence (AI). Cybercriminals now have better grammar and spelling. This week’s Tech Time Warp will look into the first person convicted under the CAN-SPAM Act of 2003.

Yet there are still plenty of phishing signs that should set off warning bells. These include urgent emotional appeals, requests for personal or financial information, shady URLs, and dire consequences for not responding. Many of these tipoffs were present in the case of Jeffrey Brett Goodin. The FBI arrested the Californian after he posed as an AOL billing representative in thousands of emails sent to AOL customers. In the emails, Goodin asked them to confirm their account and billing information. He also was threatening them with loss of service if they didn’t comply. The “confirmation” took place on a website Goodin controlled. Goodin then used their financial information to make fraudulent purchases.

The arrest and prosecution of Goodin

Upon arrest in 2006, the federal government charged Goodin under the CAN-SPAM Act of 2003 with operating a phishing scheme, as well as with wire fraud and unauthorized use of an access device. In June 2007, he was sentenced to 70 months in federal prison and ordered to pay more than $1 million in damages to victims. This is including nearly $1 million to Earthlink, the service he used to send the phishing emails. Earthlink spent that amount to trace the emails back to Goodin.

Looking back at Goodin’s scheme, it included a request for financial information (credit card info). It also included dire consequences for not responding (loss of AOL) and a suspicious website. Contemporary news reports did not, however, comment on Goodin’s grammar or spelling.

If you receive an email asking for your personal or financial information, don’t click on any links. Delete the email. If you are concerned there may be an issue with your account at any institution, contact that company directly, not through email.

Did you enjoy this installation of SmarterMSP’s Tech Time Warp? Check out others here.

Photo: ronstik / Shutterstock

This post originally appeared on Smarter MSP.

Leave a Reply

Your email address will not be published. Required fields are marked *