AOL identity thief faces seven year jail sentence

Sophos is reminding computer users of the threat posed by phishers following the conviction of a 23-year-old identity thief who targeted users of AOL. Michael Dolan, formerly resident in Connecticut and Florida, has admitted stealing names, credit card details and social security numbers from AOL members.

From 2002 until his arrest on 26 September 2006, Dolan used malicious software to steal AOL screen names from chat rooms. The users were then spammed with electronic greeting cards claiming to be from Hallmark.com, but which in reality installed a Trojan horse that prevented AOL customers from logging into their account without entering personal information. Dolan would then use the stolen information to order online goods and steal money from ATM machines.

A plea agreement with the US Department of Justice calls for Dolan to spend seven years in prison, and then remain on supervised probation for two to three years. He may also have to pay a fine of USD 250,000. Dolan is scheduled to be sentenced on 14 November 2007.

“Identity theft is a growing problem, and it’s all too easy for innocent internet surfers to be duped into handing over confidential information about themselves,” said Graham Cluley, senior technology consultant for Sophos. “Cybercriminals need to be given a strong message that they will receive a serious punishment if they are caught. Individuals, meanwhile, need to become more clued-up about how to protect their identities online.”

Last year Sophos revealed in a survey that 58 percent of people receive a phishing email every day. The security company recommends that businesses protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.