
First Person Convicted Under CAN-SPAM Is Sentenced to 70 Months in Federal Prison and Must Pay Over $1 Million

On June 11, Jeffrey B. Goodin was ordered to pay $1,002,885.58 to the victims of his phishing scheme.

I love that specific dollar penalty...right down to the penny! Would be fun to see the accounting breakdown of that total.

Goodin was found guilty of violating the CAN-SPAM Act of 2003 on January 12, 2007.

"The jury found that Goodin sent thousands of e-mails through an Earthlink Internet connection to America Online users that appeared to be from AOL’s billing department. The e-mails prompted the AOL customers to “update” their personal and credit card information on phony AOL webpages that Goodin controlled. Goodin then used his victims’ personal and credit card information to make unauthorized credit card purchases. It cost Earthlink nearly $1 million to detect and combat Goodin’s phishing schemes. After being indicted on federal charges in the phishing scheme, Goodin harassed an individual who had cooperated with authorities by posting intimidating messages to a website commemorating the death of the cooperator’s sister."
"In addition to the CAN-SPAM Act conviction, Goodin was sentenced on 10 other counts, including wire fraud, aiding and abetting the unauthorized use of an access device (credit card), possession of more than 15 unauthorized access devices, aggravated identity theft, misuse of the AOL trademark, attempted witness harassment and failure to appear in court."

Goodin is the first person to ever be convicted by a jury under CAN-SPAM.

The Ontario Police Department and the Electronic Crimes Task Force, comprised of the FBI and the U.S. Secret Service, investigated the case.

Could your organization be found guilty of CAN-SPAM noncompliance? Most of the marketers in organizations are not aware of this law, and most marketers also continue to regularly send email messages to everyone possible.

If you don't know what your marketing and sales folks are doing with regard to email campaigns, it would be a good idea to have a chat or a lunch meeting with them to discuss this. Let them know about the requirements for allowing your consumers to opt out of receiving your email messages, and the importance of keeping track of consumer requests.


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.