Teen faces consequences for phishing scam, Sophos comments

May 25, 2004 Sophos Press Release

Michael Maloney, a 17-year-old minor from Queens, New York, has been reported to have sent phishing emails purporting to be an official communication from America Online. As a result, he faced charges from the US Federal Trade Commission (FTC).

The phishing email contained a link to a bogus web page designed to look like the official America Online site. Recipients who clicked the link and filled in the details on the bogus webpage were actually giving their sensitive banking and credit card information to a "phisher".

Maloney's attorney, Vincent Bianco, explained that as his client was a minor when the emails were farmed out, they were able to settle without admitting any wrongdoing. Maloney is said to have agreed to no longer sending unsolicited commercial email as well as have his email activities be monitored by authorities as part of the settlement. Bianco added that Maloney may not have worked alone and that the FTC were possibly pursuing others involved in this phishing attack.

"We are seeing more and more of these type of attacks," said Carole Theriault, security consultant at Sophos. "The emails are designed to look very official, so it is easy to understand why email users would fall for them. It is wise to never click on a link which is sent to you via email. Instead, open your web browser and type in the web address for the site's home page."

Maloney is also connected to a PayPal scam, where phishing emails requested that recipient reactivate their PayPal account by visiting a bogus webpage. The FTC stipulated that the collated information was used by Maloney and others to buy goods from those active accounts.

Sophos PureMessage provides an award-winning defence against these kind of phishing attacks, as well as viruses and spam. For more information on how to deal with unsolicited email, visit our spam info section.