27 Million Spam Messages Earns Man the Title of “Spam King,” and 2.5 Years in Prison

The man who, between 2008 and 2009, stole the log-in credentials of Facebook users to spread his credential-stealing web links, has been sentenced to some hard time.

Sanford Wallace, a habitual spammer with a long history of spreading the irritating garbage to unwilling recipients, will be spending two and a half years in prison in addition to paying a fine of $310,629.

Wallace’s modus operandi involved sending his victims a link to an external site that would steal both their credentials to log in as well as their compiled friend lists. To do so, he utilized the aliases of David and Laura Frederix and 1,500 falsified domains. Once he claimed their data, his message could be sent to members of the friend list from the victims’ accounts, creating a system that expanded exponentially as more and more fell prey to the spammer’s trap. This trap, by the way, turned Wallace a profit; he was able to send links to other websites and was then paid for generating traffic to them.

This system resulted in a total of 27 million spam messages being dispersed to over 550,000 Facebook users.

While this was Wallace’s first conviction, it was not his first spam-related offense. His experience with the widely-reviled junk mail reaches back to 1995 when he established his company Cyber Promotions as part of a junk fax campaign. He also had lost multiple civil cases from bigwigs such as Facebook, the FTC, and others. Wallace was held in contempt after he failed to abide by three court orders issued in 2009, barring him from ever again visiting Facebook.

Upon his release, Wallace faces an additional five years of probation, along with court-ordered mental health treatment. And, almost certainly for the best, Wallace has been barred from owning or using a computer without the express permission of his probation officer, although only time will tell if that ultimately makes a difference.

Lessons From the Spam King
Hackers and malware distributors can be frustratingly persistent in their attempts to cause grief. As a result, you need to stay just as persistent in your defense and vigilance against these threats. Here are a few tips on how to do just that:

• Condense your friend list: While Facebook and other social networks can be great tools for remaining in contact with people you know, there probably isn’t much need to stay friends with the guy you shared a class or two with in college and never really spoke to. If it isn’t someone you will likely need to keep in touch with in the future, there isn’t much reason to add another point of vulnerability to your account. After all, one more friend is one more possible victim of an attack like Wallace’s.
• Keep your private details private: Despite the option to fill in numerous personal details as a part of your account, it is strongly recommended that you refrain from doing so as much as possible. Otherwise, you are handing out the details needed for crimes like identity theft or spamming. If nothing else, at least be certain that these details are set to private viewing only and check back periodically in case an update to the website has reset your selections.
• Avoid strange or unusual links: Keep an eye out for a few warning signs of social network malware. Is the message coming out of the blue from a contact that, besides this sudden message, you had more or less fallen out of touch with? Is the message misspelled, with odd grammar mistakes that are out of character for the alleged sender? Is the “personal” message vaguely worded, making it applicable to any reader but still tempting to click on? Chances are it is not actually from the supposed sender, and clicking the link will only serve to allow your account to be jeopardized as well.

Nobody likes being spammed, so it’s everyone’s duty to avoid helping spammers like Sanford Wallace in their attempts to do just that. For more tips on this and other IT matters, subscribe to our blog.