Sponsored By

MSN Phisher Pleads Guilty To Crimes

Jayson Harris, 23, duped MSN customers into providing credit card numbers, claiming they needed to update their accounts. He netted about $57,000 from the scheme.

Thomas Claburn

January 3, 2006

2 Min Read

The United States Attorney’s Office in Iowa yesterday said that Jayson Harris, 23, of Davenport, Iowa, pled guilty on Dec. 30 to computer fraud charges arising from a phishing scheme conducted from January 2003 through June 2004 on Microsoft's MSN Internet service.

"This was a phishing attack that targeted MSN customers with a fake MSN billing E-mail and advised them that they needed to update their information, their credit card number, in order to continue to enjoy their MSN experience and keep their account active," says Aaron Kornblum, Microsoft’s Internet Safety Enforcement Attorney.

The phishing E-mail falsely claimed that MSN customers would receive a 50% credit toward their next bill.

Kornblum says the scheme was fairly sophisticated and involved Web hosts in California and Austria, and an Internet-service provider in India. The investigation began in September 2003 when a woman forwarded one of Harris' phishing messages to her son-in-law, a Microsoft employee. A month later, Microsoft filed a civil suit against Harris.

"After we did some initial investigation here, we were able to file a civil lawsuit and through the issuance of subpoenas learn quite a bit about who was responsible, and then transmitted all of this information to the FBI for pursuit and follow-through," Kornblum explains. "I think that the guilty plea is evidence of the strength of the government's case against Mr. Harris and demonstrates the government's commitment to aggressively pursue these cases."

According to Kornblum, this was first phishing case Microsoft pursued. Since then, the company's Internet Safety Enforcement team, comprised of 65 people worldwide, has filed 121 phishing-related lawsuits.

The scheme, which duped between 50 and 250 victims, netted Harris about $57,000. But between the fraud and wire fraud charges, it could cost him substantially more than that.

For wire fraud, Harris faces punishment of not more than 20 years imprisonment, a maximum fine of not more than $250,000, or both. If the crime affected a financial institution, he could face up to 30 years imprisonment, a fine of not more than $1,000,000, or both. Finally, the fraud charge could result in up to 10 years imprisonment, a fine of not more than $250,000, or both.

A court sentencing conference is currently scheduled for March 30.

About the Author(s)

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights