Man Responsible for 27 Million Facebook Spam Messages Finally Nabbed

Cyber security professionals and Internet users rejoice, for the “Spam King,” Sanford Wallace, has finally been sentenced for his longtime use of stolen Facebook credentials to spam other users. Between 2008 and 2009, he had stolen credentials for Facebook accounts, and then used the accounts to send credential-stealing web links. Now, he gets to spend the next two and a half years in prison, and pay an oddly-specific fine of $310,629.

Wallace’s preferred method of scamming involved sending his victims links to an external site. This site would swipe the credentials of those who clicked on it, as well as their compiled friend lists. He took the identities of David and Laura Frederix and 1,500 falsified domains to accomplish this feat. After he claimed the data, Wallace would use the users’ friend lists to spread his web of influence. He eventually built a system that collected credentials and expanded in scope with every successful clickthrough. Wallace also made a profit off of this system by sending links to other websites, who would pay him for generating the traffic.

At its peak, Wallace’s system collected the credentials for over 550,000 Facebook users, and sent 27 million spam messages through them.

This may have been Wallace’s first conviction, but it wasn’t his first spam-related offense. Since 1995 he had dabbled in junk mail campaigns. He founded a company called Cyber Promotions as part of a junk fax campaign. Additionally, he had lost several civil cases involving Facebook, the FTC, and some others. Wallace was held in contempt after failing to abide by three court orders in 2009, which should have kept him from ever visiting Facebook again.

Once he’s released, Wallace will be on probation for five years, and will attend court-ordered mental health treatment. Additionally, Wallace has been barred from owning or using a computer, unless under the express permission of his probation officer. Will this make a difference for the habitual spammer? Probably not - but hey, let’s give him the benefit of the doubt.

Lessons To Learn from the Spam King
This is hardly the first case of a social media spammer, and it certainly won’t be the last. It’s your responsibility to arm yourself with knowledge on how to avoid getting scammed while online. Here are a few tips to dodge sketchy social media activity:

• Limit your friend list: Facebook and other social media networks are great for keeping in touch with close friends, but you should keep your friend list limited to those who you will need to contact in the future. The process of cleaning out your friends list is often called a “Facebook purge,” and should be done regularly. You never know; one of those “friends” whom you haven’t spoken to in years could fall victim to a spammer, and rope you into their misery.
• Keep private details private: Facebook might prompt you to fill in several sections of personal information, but that doesn’t mean you have to, or should. Filling out information on Facebook is, more or less, making it publicly available for hackers of all types to use as they see fit. At the very least, be sure that you set this information to private viewing only. You can always change the settings later if you want to.
• Avoid strange or unusual links: Be sure to keep an eye out for the warning signs of social media hacks. If the message is coming from out of the blue, or if it’s riddled with spelling and grammar errors that are uncharacteristic of the sender, you want to be wary of it. Plus, if it’s vaguely worded, like it could have been sent to anyone, refrain from responding or clicking on any links. Chances are that the sender isn’t who you think it is.

For more great social media security tips and best practices, reach out to us at (732) 291-5938.