Notorious Spam distributor Sanford Wallace voluntarily turned himself in to the FBI after a July 6 indictment on phishing Facebook accounts and spamming the site.
Sanford Wallace is accused of allegedly using half a million phished
Facebook accounts to send 27 million spam messages in 2008 and 2009. He
was indicted on July 6, but only voluntarily turned himself to the
Federal Bureau of Investigation on Aug. 4. The indictment was made
public after Wallace turned himself in.
He was charged with multiple counts of fraud, three counts of
intentional damages to a protected computer and two counts of criminal
contempt. If convicted on all counts Wallace could serve anywhere form
16 to 40 years in prison and pay $2 million in fines.
In his latest spam operation, Wallace allegedly created posts on
victims' Facebook walls to drive traffic to affiliate marketing
companies, according to the indictment. The affiliate marketing
companies pay their members by the number of clicks they deliver.
Wallace evaded Facebook's spam filters and sent spam messages to user
inboxes on the social networking site. Users clicking on the link were
sent to a malicious Website which phished their login credentials. He
allegedly wrote a script which did all the work, the court papers said.
Facebook has a big problem with malicious applications on the site that
send spam in response to updates users post on their walls. The spam
asks users to fill out fake surveys and redirects users to sites with
malware. Sophos researchers list details of the latest Facebook scams
almost every day on the NakedSecurity blog.
Wallace, released Aug. 4 on a $100,000 bond, is set to appear in the
United States District Court for the Northern District of California in
San Jose on Aug. 22.
Since forming Cyber Promotions in 1995, Wallace has faced civil
lawsuits under the federal CAN-SPAM Act from social networking sites
MySpace and Facebook. He used similar phishing tactics that he used on
Facebook on MySpace users as well. The judgments from those cases
totaled nearly $950 million in damages. After Facebook won its lawsuit
in October, the case was then referred to the United States Attorney
for possible criminal charges.
Even though he was banned from Facebook as part of the lawsuit, he
created a profile in January under the name David Sinful-Saturdays
Wallace, according to the indictment which also charged Wallace of
contempt of court for logging into the account in April while on a
Virgin Airways flight in 2009.
"We applaud the efforts of the U.S. Attorney's Office and the FBI to
bring spammers to justice and will continue to pursue and support both
civil and criminal consequences for spammers and others who attempt to
harm Facebook or the people who use our service," Facebook said in a
statement, noting that Wallace "now faces serious jail time for this
Wallace and Cyber Promotions may have sent as many as 30 million junk
emails a day in the 1990s. Before that he was best known for sending
out "junk faxes." His tactics earned him nicknames "Spamford" and "spam
Wallace has also been previously fined $5 million by the Federal Trade
Commission for infecting victims' computers with spyware and then
selling users a $30 program to remove it. In May 2006, Wallace and his
other company Smartbot.net were ordered by a federal court to turn over
$4.1 million. He was banned from AOL, CompuServe and Concentric
Networks at one point for his spam activities.