The basis of a phishing scam is to lead email recipients to fraudulent websites where they are asked to enter personal details, such as usernames, passwords and credit card numbers. Phishing is without a doubt one of the fastest growing scams to ever strike the internet. The IRS recently shutdown over 1,500 confirmed sites, although thousands more are being created everyday.
AOL Playing a Role in Anti-Phishing Efforts
America Online is one company that has played an active role in the antiphishing campaign. In 2005, they formed a partnership with Cyota, an online security provider, to not only crack down on AOL phishing, but phishing sites in general.
AOL's goal is to block access to sites creating fraudulent pages from its own service, along with those that purport other legitimate entities, such e-commerce providers, banks and credit card institutions. AOL has taken action against this scam by implementing a feature that allows their subscribers to report spam and phishing emails. Their software has also received an upgrade that warns users when they are visiting a website suspected of fraudulent activity.
AOL phishing isn't the only scam using a well known entity to trick email users. Companies such as Microsoft, eBay, PayPal and Visa have been targeted as well. Together, these organizations have launched the Phish Report Network, a program dedicated to sharing information about these attacks. The APWG (Anti-Phishing Working Group) is another organization that plays a significant role in educating consumers about phishing. APWG consist of more than 1200 members, including several United States banks, Internet Service Providers and technology companies, all working together to help eliminate online theft.
Infamous AOL Phishing
The biggest case of AOL phishing involves a California man who posed as a representative from AOL's billing department. Like most phishers, Jeffrey Brett Goodin attempted to persuade users into giving up financial details to rob them of their assets. Fortunately, Goodin was caught very quickly and found guilty in June of 2007 of identity theft. The court convicted him for distributing thousands of phishing emails to AOL subscribers, making him the first jury conviction under the CAN-SPAM Act of the 2003. It's reported that Goodin used several compromised Earthlink email accounts to fraudulently distribute messages from AOL's billing department. Probable victims were directed to a number of rogue websites operated by Goodin himself. From there, they were encouraged to enter their personal details, including passwords and credit card numbers in order to prevent the termination of their AOL internet access service. This information allowed Goodin to make various fraudulent purchases online. As of now, it's unclear just how much he profited as a result of this scam.
Aside from the CAN-SPAM Act conviction, Jeffrey Brett Goodin was also convicted on 10 other counts, including the misuse of the AOL trademark, aiding and abetting the unauthorized use of credit cards, wire fraud, the attempted harassment of a witness and failure to appear in court.
AOL's antiphishing effort is part of a much broader campaign to increase the security of its subscribers by reducing spam and working in conjunction with law enforcement among other initiatives.