Identity Thief Pleads Guilty to Elaborate Phishing Scheme

Trojan horse sent out disguised as malicious greeting cards.

by / August 23, 2007

Identity thief Michael Dolan has admitted to stealing names, credit card details and Social Security numbers from AOL members using an elaborate phishing scheme. From 2002 until his arrest on 26 September 2006, Dolan used malicious software to steal AOL screen names from chat rooms. The users were then spammed with electronic greeting cards claiming to be from, but which in reality installed a Trojan that prevented AOL customers from logging into their account without entering personal information.

Dolan would use the stolen information to order online goods and steal money from ATM machines.

"Federal law enforcement, with the cooperation of our state and local partners and internet service providers, are committed to investigating and prosecuting internet phishing and other identity theft schemes that wreak havoc on the lives of their victims," U.S. Attorney Kevin J. O'Connor stated.

A plea agreement with the U.S. Department of Justice calls for Dolan to spend seven years in prison, and then remain on supervised probation for two to three years. He may also have to pay a fine of $250,000.

"Identity theft is a growing problem, and it's all too easy for innocent internet surfers to be duped into handing over confidential information about themselves," said Graham Cluley, senior technology consultant for Sophos. "Cybercriminals need to be given a strong message that they will be given a serious punishment if they are caught. Individuals, meanwhile, need to become more clued-up about how to protect their identities online."