Skip to content ↓ | Skip to navigation ↓

Just as every king ascends the throne, so too must they in time forfeit their rule.

That fateful day came on Monday for Sanford “Spam King” Wallace, 47, of Las Vegas, who was sentenced to two and a half years in prison as a result of his spamming activities against Facebook users.

According to a statement published by the U.S. Attorney’s Office in the Northern District of California, Wallace opened a Facebook account under the fake name “David Frederix” in November 2008. He used that account to send out phishing spam messages that tricked unsuspecting users into visiting a website where they were asked to enter in their personal information and login credentials. Once the phish succeeded, victims were redirected to an affiliate website, traffic for which he earned money by helping to generate visits. Wallace then used an automated process he developed to sign into a compromised Facebook user’s account, retrieve a list of their friends, and send the same spam message out to each of those friends.

spam king
Sanford “Spam King” Wallace, then president of Cyber Promotions (Source: USA Today)

In total, Wallace abused 500,000 compromised Facebook users’ accounts to send over 27 million spam messages between November 2008 and March 2009. He also admitted to having directly accessed Facebook’s computer network on at least three separate occasions during that period to send between 120,000 and 300,000 spam messages at a time.

After learning of his activities, Facebook filed a lawsuit against Wallace alleging he had violated the CAN-SPAM Act of 2003, the Computer Fraud and Abuse Act, and California’s Anti-Phishing and Computer Data Access and Fraud Acts. U.S. District Court Judge Jeremy Fogel subsequently ordered Wallace to not access Facebook’s computer networks in three separate hearings. The spammer admitted in April 2009 he disobeyed the judge’s orders while on a plane from Las Vegas to New York.

Facebook is not the only site with which Wallace has come into conflict. In fact, his spamming activities first began back in the 1990s, and they shifted targets as the technology advanced.

His first spamming stint began when he used junk faxes to promote his company, Cyber Promotions. He then shifted to email-based spam for Cyber Promotions, through which he ran afoul of AOL and EarthLink.

Following a brief respite, he returned to spamming by targeting MySpace with a phishing campaign similar to the one he developed for Facebook. Wallace compromised 300,000 accounts and sent out close to one million spam messages before the social networking site filed a lawsuit against him in 2007. He lost that civil suit, among many others, which led to a hit of close to one billion dollars in outstanding default judgments.

Finally, the courts had had enough.

In 2011, the United States District Court in the Northern District of California unsealed an indictment against Wallace charging him with multiple counts of fraud, criminal contempt, and intent to cause damage to a protected computer, among other charges.

Four years later, on August 24, 2015, the spammer pleaded guilty to one count of fraud and one count of criminal contempt as part of a plea agreement.

The district court has since sentenced Wallace to 36 months in prison in the hope he will come to understand spamming as a serious crime. Per prosecutors’ statement in a pre-sentencing memorandum:

“The defendant’s history demonstrates that he has yet to suffer a consequence – other than a default judgment that cannot be collected — for his spamming activities. A sentence of 36 months’ imprisonment will impress upon the defendant the seriousness of his actions and deter him from engaging in similar conduct again.”

The court has also sentenced Wallace to a five-year period of supervised release and to pay over $310,000 in restitution for his crimes.

He will begin serving the sentence in September 2016.

For information on how you can avoid falling victim to a Facebook scam such as those peddled by the Spam King, please click here.