Sanford Wallace is accused by the Federal Bureau of Investigation of allegedly using half a million phished Facebook accounts to send 27 million spam messages in 2008 and 2009. He was indicted on July 6 and voluntarily turned himself to the FBI on Aug. 4. The indictment was made public after Wallace turned himself in.
He was charged with multiple counts of fraud, three counts of intentional damages to a protected computer and two counts of criminal contempt. If convicted on all counts, Wallace could serve 16 years to 40 years in prison and pay $2 million in fines.
According to the indictment, Wallace allegedly created posts on victims’ Facebook walls to drive traffic to affiliate marketing companies, which pay their members by the number of clicks they deliver. Wallace allegedly evaded Facebook’s spam filters and sent spam messages to user inboxes on the social networking site. Users clicking on the link were sent to a malicious Website which phished their login credentials. According to court documents, Wallace allegedly wrote a script which did all the work.
Facebook has a big problem with malicious applications on the site that send spam in response to updates users post on their walls. The spam asks users to fill out fake surveys and redirects users to sites with malware. Sophos researchers list details of the latest Facebook scams almost every day on the NakedSecurity blog.
"We applaud the efforts of the U.S. Attorney’s Office and the FBI to bring spammers to justice and will continue to pursue and support both civil and criminal consequences for spammers and others who attempt to harm Facebook or the people who use our service," Facebook said in a statement.
Wallace, released Aug. 4 on a $100,000 bond, is set to appear in the United States District Court for the Northern District of California in San Jose on Aug. 22.
For more, read the eWeek article Notorious Facebook Spammer Surrenders to FBI.