In late December last year, Harris pleaded guilty to fraud and wire fraud in connection with a phishing scheme designed to dupe MSN customers. On those two counts, he faced maximum sentences of 10 years and 20 years, respectively.
"Today marks a new milestone in Microsoft's global phishing enforcement initiative," says Aaron Kornblum, Microsoft's Internet Safety Enforcement attorney. Microsoft's hope, he explains, is that this case will serve as a deterrent. In furtherance of that effort, Microsoft has filed 125 civil lawsuits against phishers to date and secured takedowns of more than 2,000 phishing Web sites targeting Microsoft, MSN, and Hotmail users since January 2004. "It's about taking the fight to the phishers," Kornblum adds.
As part of his plea agreement, Harris admitted to sending E-mail to MSN customers in an effort to trick them into visiting a fake MSN Web site set up to capture credit card numbers and other personal information.
The Microsoft Internet Safety Enforcement Team discovered the scheme, located Harris' address, and referred the case to the FBI for investigation. FBI agents subsequently executed a search warrant and seized Harris' computers, which contained evidence of Harris' phishing efforts.
Harris stipulated that his scheme affected between 50 and 250 victims, for which he has been ordered to pay restitution of approximately $57,000.