A man who targeted AOL users for four years with an "elaborate" phishing scheme pleaded guilty to federal charges Wednesday.

Michael Dolan, 23, formerly of West Haven, Conn. and North Miami Beach, Fla., pleaded in a U.S. District court in Connecticut to one count of conspiracy to commit fraud in connection with access devices, and one count of aggravated identity theft. Dolan, who is slated to be sentenced on Nov. 14, faces a mandatory sentence of two years for the identity theft charge and a maximum of five years on the second charge.

"Identity theft is a growing problem, and it's all too easy for innocent Internet surfers to be duped into handing over confidential information about themselves," said Graham Cluley, senior technology consultant for Sophos, in a written statement. "Cybercriminals need to be given a strong message that they will be given a serious punishment if they are caught. Individuals, meanwhile, need to become more clued-up about how to protect their identities online."

This isn't his first conviction on computer related charges. According to the U.S. Attorney's Office, Dolan was sentenced to two years of probation after pleading guilty to one misdemeanor count of accessing a protected computer without authorization. Two years later, a judge revoked his probation and sentenced him to nine months of imprisonment after ruling that Dolan had violated the conditions of his probation.

The DOJ reported that in this latest case, between 2002 and 2006, Dolan conspired with others to wage a phishing attack against AOL users to obtain names, credit card numbers, bank account numbers, Social Security numbers, and other personal and financial information.

The scheme, according to the government, involved culling AOL account names from chat rooms and spamming those users with phony e-mails, including fraudulent e-cards. The e-mail didn't convey an electronic greeting. Instead all unsuspecting users received was a Trojan download that forced the user to enter his logon name, credit card number, bank account number and Social Security number before he could access the AOL site.

The government reported that Dolan and his conspirators used the information to order goods online and to produce counterfeit debit cards, which were used at retail outlets and ATM machines.