This arrogance about his business practices probably won’t win him any friends as he faces 11 new counts – six for electronic mail fraud, three for intentional damage to a protected computer and two for criminal contempt. All of which he pleaded not guilty to in his most recent court appearance on August 4, 2011. If found guilty of these charges, Spamford faces up to 40 years in prison and up to a 2 million dollar fine.

The charges stem from Wallace compromising roughly 500,000 Facebook accounts between November 2008 and March 2009 and using them to send over 27 million spam messages to other users.

And just how did he manage to capture this many accounts? By sending phishing messages out on compromised accounts he was able to trick more victims into giving up their user information. These accounts would also be used to capture more compromised accounts to send out even more spam.

Released on a 100,000 dollar bond, Sanford is due back in court August 22. Of course these charges haven’t prevented him from creating a Google+ account to take the place of his court ordered ban from accessing Facebook or MySpace.

Didn’t reports say spam levels are at an all time low?

Stories like these often get buried by stories with a bit more flair. That is unfortunate because if more people were to read up on this story it could be a significant weapon in the fight against spam. Need a bit more explanation?

Other recent spam related news boasts on how spam is on the decline. When the public hears this, they immediately look for a new boogey man to worry about. I have written quite a few posts here explaining why I think that thinking we have won in the fight against spam is dangerous. Sanford Wallace’s recent indictment proves that.

Spam levels may be down when it comes to email spam, but as we all know this is only one way spammers are able to make money. As the playing field shifts, so will their tactics.

And should we let our guard down and think less of protecting our inboxes rest assured, they will pounce back to using email more frequently.

The story of Sanford Wallace should be used to show people that the threat of spam remains, regardless of reports that it is fading away.

Are people still that oblivious?

Something else that we can use in the fight against spam is the knowledge that people are still willing to give up their account credentials without question.

Wallace was able to con half a million users out of their passwords. Granted, it is a drop in the bucket when you consider Facebook has over 700 million users. But still, that number represents a large number of people who trust things on the Internet far too easily.

According to the Internet World Statistics site there are 2,095,006,005 Internet users worldwide. If just over 7 percent of Facebook uses were willing to fork over their credentials to a phishing attack, then 149,583,429 people could logically fall for a similar con.

There is still money to be made

Wallace had formally retired from the spam business in 1998 but has since been linked to pop-up advertising and scareware scams before jumping back into the game.

In 2004 he was ordered to pay over 5 million dollars in fines for his SmartBOT marketing scam and in 2008 he was ordered to pay 230 million dollars in fines for a later spam campaign using MySpace. In 2009, a judge ordered him to pay 711 million dollars to Facebook for compromising their servers. The order also prevented him from accessing Facebook.

This didn’t stop the Spam King from trying his hand at sending spam via the world’s largest social network gain creating the account called “David Sinful—Saturdays Fredericks”. Why? Obviously because there is still money to be made if you job is to send spam.

So spam fighters, users and curious onlookers beware. If nothing else, the tale of Sanford Wallace shows us that spam is still a problem we face every time we access any communication device. Be it our email, cell phone, mobile device or social network.

So will spam ever stop? Not as long as there is enough money to be made allowing you to pay close to a billion dollars in fines. But it can be controlled.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Sanford Wallace Back in Court: A Win For Spam Fighters?

The Twitter Grader application uses an algorithm to calculate, or grade, a Twitter user’s ranking among their peers.  This type of tool has been very popular with Twitter users who willingly grant access to their Twitter accounts for websites that offer this type of ego-feeding information.

The compromise resulted in thousands of unauthorized messages being sent from Grader users’ Twitter accounts containing a link to a web page that hosted an embedded video.  The content turned out to not be malicious and it has been speculated that this was an attempt to increase the search engine rankings of the website.

The hack was quickly acknowledged by Hubspot who proceeded to take down the Grader application while they investigated the issue.  Grader users are advised to revoke access for Grader to their Twitter accounts and also to consider changing their account password.In this particular incident the fallout is mainly embarrassment for Hubspot and some disgruntled users.  With no serious data breach of Hubspot’s paid customer base the matter will quickly fade into the background with no ongoing attention paid to it.

The potential impact of these sorts of breaches cannot be ignored.  Social networks carry a much higher degree of trust between relative strangers than other online communications.   One of the most popular users of these networks is sharing of interesting links, often masked by URL shortening services.

Simply put, the timing of the unauthorized message may have meant that it was sent by a particular user while they were conversing with an online friend and sharing a series of links with each other.  In that situation the recipient would not hesitate in clicking the spam link as well.

If the link was to a malicious web page that contained a web browser exploit then the number of compromised computers from this one hack would have been enormous.  The sad fact is that many computers connected to the web use outdated, unpatched operating systems, web browsers and other applications.  Even those that are completely up to date may have undisclosed vulnerabilities that hackers can exploit before security researchers can discover and patch them.  One of the most common exploits today is using PDF files.

For a home user a compromised computer can be a moderate inconvenience.  For a business network a compromised computer can be a major disaster.

So what can be done about these threats to businesses?

Technical Solutions – filtering of social networks to only approved users, blocking of URL shortening sites, and real-time scanning of file downloads.

Human Solutions – the cornerstone of any network’s security is the level of awareness of the end users to the potential threats that are out there.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Twitter Grader Hack Highlights Social Network Spam Risks

But onto the issue at hand. The wave of social networking attacks, social network phishing, and even social network spamming may call for the security policy to be revisited. Many security policies were created before social networking became as popular as it is today, and there has been an ongoing debate as to whether user policies need to be updated to reflect this new reality.

At first glance, the most obvious policy is to just ban social networking from the workplace. But, the reality of the situation is that social networking has become business networking. Businesses send Tweets to keep partners, the mobile sales force, and customers up to date on late-breaking developments. Business professionals use LinkedIn and Facebook for business networking. And there are others, like the recently-created SalesBook.com, which were created specifically for the business community. As a result, a blanket ban on social networking is just no longer practical from a business and marketing perspective.

Most observers agree that it’s time for an update in policy–and that policy has to get more specific as to what is allowed when it comes to social networking.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Policy updates may be in order to address social networking threats

With account registration moderation in place, the scenario above is a more controlled environment. So spam infiltrations are much harder to achieve. More mainstream popular social networks, like Facebook and Twitter, do not moderate registration. So spammers can slip in very easily to target legitimate members.

As mentioned in a previous article “Belated Spam Predictions“, spammers will continue to phish social networks, but use more sophisticated approaches. The goal is to collect not only personal information, but also retrieve information surrounding a person’s inner circle of friends and associates.

Continue to educate your email users to be prudent about information entered into their social network profiles. People must be more vigilant about the nonchalant acceptance with the comfort and trust in entering all types of information about themselves on social networking sites.

A balance must be created between personal branding or making networking connections, while keeping your personal information safe. If a phishing spammer gets to you, that means your friendship connections are also at risk.

It may seem innocuous to share your favorite books or movies on your profile. How about providing your real birth date as opposed to making yourself 10 years older or younger? So what, if you receive those automated or personal friend birthday wishes on the wrong day. At least you make your personal identification information safer. Your hobbies and interests may seem like it’s not a big deal. The more profile information you share, just makes it that much easier for cyber criminals to assume your identity. The more personal information shared, the higher the chances another person can become YOU to get closer to scamming your friends.

The next time you receive a “heart” invitation, a virtual “drink” or a “birthday” card from a friend on Facebook, look closer at the safety message displayed. It says “Allowing Birthday Cards access will let it pull your profile information, photos, your friends’ info, and other content that it requires to work.”  Each time the “Allow” button is clicked, your personal information and your friends list is being shared.

Social networks are powerful marketing and networking tools.   How much personal information do you think a person should share in a profile? Will the profile accuracy impact personal or business relationships?

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Social Network Spam Scare