Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

A 45-year-old California man convicted Jan. 12 of operating a sophisticated phishing scheme designed to steal personal and credit card information faces 101 years in prison.

Jeffrey Brett Goodin of Azusa became the first defendant convicted by a jury under the provisions of the CAN-SPAM Act of 2003, announced prosecutors in the U.S. Attorney’s Office in the Central District of California. He was found guilty of sending thousands of e-mails to America Online users under the guise of messages from AOL’s billing department that prompted customers to send personal and credit card information. He then used the information to make unauthorized purchases, officials said.

“Money mules” play a big part in phishing. Click here to read more.

Prosecutors argued during the weeklong trial that Goodin used several compromised Earthlink accounts to send the e-mails to AOL users. Those e-messages urged recipients to “update” their AOL billing information before they lost service and referred the AOL customers to one of several Web pages to input their personal and credit information, officials said.

Goodin controlled those Web pages and used the information so he and others could make unauthorized charges on the AOL users’ credit or debit cards.

In addition to the CAN-SPAM Act conviction, Goodin was convicted of 10 other counts, including wire fraud, aiding and abetting the unauthorized use of an access device (credit card), possession of more than 15 unauthorized access devices, misuse of the AOL trademark, attempted witness harassment, and failure to appear in court, officials said.

He is scheduled to be sentenced by United States District Court Judge Christina Snyder on June 11, officials said.

Check out eWEEK.com’s Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraine’s eWEEK Security Watch blog.