Cyber security professionals and Internet users rejoice, for the “Spam King,” Sanford Wallace, has finally been sentenced for his longtime use of stolen Facebook credentials to spam other users. Between 2008 and 2009, he had stolen credentials for Facebook accounts, and then used the accounts to send credential-stealing web links. Now, he gets to spend the next two and a half years in prison, and pay an oddly-specific fine of $310,629.
Wallace’s preferred method of scamming involved sending his victims links to an external site. This site would swipe the credentials of those who clicked on it, as well as their compiled friend lists. He took the identities of David and Laura Frederix and 1,500 falsified domains to accomplish this feat. After he claimed the data, Wallace would use the users’ friend lists to spread his web of influence. He eventually built a system that collected credentials and expanded in scope with every successful clickthrough. Wallace also made a profit off of this system by sending links to other websites, who would pay him for generating the traffic.
At its peak, Wallace’s system collected the credentials for over 550,000 Facebook users, and sent 27 million spam messages through them.
This may have been Wallace’s first conviction, but it wasn’t his first spam-related offense. Since 1995 he had dabbled in junk mail campaigns. He founded a company called Cyber Promotions as part of a junk fax campaign. Additionally, he had lost several civil cases involving Facebook, the FTC, and some others. Wallace was held in contempt after failing to abide by three court orders in 2009, which should have kept him from ever visiting Facebook again.
Once he’s released, Wallace will be on probation for five years, and will attend court-ordered mental health treatment. Additionally, Wallace has been barred from owning or using a computer, unless under the express permission of his probation officer. Will this make a difference for the habitual spammer? Probably not – but hey, let’s give him the benefit of the doubt.
Lessons To Learn from the Spam King
This is hardly the first case of a social media spammer, and it certainly won’t be the last. It’s your responsibility to arm yourself with knowledge on how to avoid getting scammed while online. Here are a few tips to dodge sketchy social media activity:
For more great social media security tips and best practices, reach out to us at 307-686-3025.