titanadmin - Page 15

Satan Ransomware: A Particularly Worrying New RaaS

by titanadmin | Jan 24, 2017 | Email Scams, Phishing & Email Spam, Spam News |

You have no doubt heard of Locky and Cryptolocker, but what about Satan ransomware? Unfortunately, you may soon be introduced to this new ransomware variant. No matter where your organization is based, if you do not have a host of cybersecurity defenses to block ransomware attacks, this nasty file-encryptor may be installed on your network.

Satan Ransomware is being offered to any would-be hacker or cybercriminal free of charge via an affiliate model known as ransomware-as-a-service or RaaS. The idea behind RaaS is simple. Developers of ransomware can infect more computers and networks if they get an army of helpers to distribute their malicious software. Anyone willing to commit a little time to distributing the ransomware will receive a cut of any profits.

Ransomware authors commonly charge a nominal fee for individuals to participate in these RaaS schemes, in addition to taking a percentage of any ransomware payments that are generated. In the case of Satan ransomware, the developers offer RaaS totally free of charge. Anyone who wants to distribute the malicious software is free to do so. In exchange for their efforts they get to keep 70% of the ransom payments they generate. The remaining 30% goes to the ransomware authors. The gang behind the RaaS also offers higher percentages as infections increase as a reward for effort. All that is required to get started is to create a username and password. Access to the ransomware kit can then be gained.

What is alarming is how easy it is to participate in this RaaS scheme and custom-craft the malware. The gang behind the campaign has developed an affiliate console that allows the malware to be tweaked. The ransom amount can be easily set, as can the time frame for making payments and how much the ransom will increase if the payment deadline is exceeded.

Help is also offered with the distribution of the malware. Assistance is provided to make droppers that install the malware on victims’ systems. Help is offered to create malicious Word macros and CHM installers that can be used in spam email campaigns. Help is also offered to encrypt the ransomware to avoid detection. Even multi-language support is provided. Any would-be attacker can craft ransom demands in multiple languages via the RaaS affiliate console.

Satan ransomware performs a check to determine if it is running on a virtual machine. If it is, the ransomware will terminate. If not, it will run and will search for over 350 different file types. Those files will be locked with powerful encryption. File extensions are changed to. stn and the file names are scrambled to make it harder for victims to identify individual files. The ransomware will also wipe all free space on the hard drive before the ransom demand is dropped onto the desktop.

There is no decryptor for Satan ransomware. Recovery without paying the ransom will depend on organizations being able to restore files from backups. Since the ransomware also encrypts backup files, those backups will have to be in the cloud or on isolated devices.

RaaS is nothing new, but what is so worrying about Satan ransomware is how easy it has been made for affiliates. Next to no skill is required to run a ransomware campaign and that is likely to see many individuals take part in the RaaS program.

Spate of Gmail Phishing Attacks Detected

by titanadmin | Jan 20, 2017 | Email Scams, Phishing & Email Spam, Spam News |

A spate of Gmail phishing attacks has hit the headlines this week. While the phishing scam is not new – it was first identified around a year ago – cybercriminals have adopted the campaign once more. The phishing emails are used to obtain Gmail login credentials are highly convincing,. A number of different tactics are used to evade detection, some of which are likely to fool even the most security aware individuals.

The Gmail phishing attacks start with an email sent to a Gmail account. Security aware individuals would be wary about an email sent from an unknown source. However, these attacks involve emails sent from a contact in the target’s address book. The email addresses are not masked to make them look like they have come from a contact. The email is actually sent from a contact’s account that has already been compromised.

Email recipients are far more likely to open emails sent from their contacts. Many people do not perform any further checks if the sender is known to them. They assume that emails are genuine solely from the source.

However, that is not the only technique used to fool targets. The attackers also use information that has been taken from the contact’s sent and received messages and add this to the email. An screenshot of an attachment or image that has already been included in a previous email between the contact and the target is included in the message. Even if the target is slightly suspicious about receiving an email, these additional touches should allay concern.

The aim of the email is to get the target to click on the image screenshot. Doing so will direct them to a Gmail login page where the target is required to sign in again. While this is perhaps odd, the page that the user is directed to looks exactly as it should. The page exactly mirrors what the user would normally expect.

Checking the website address bar should reveal that the site is not genuine; however, in this case it does not. The address bar shows the site is secure – HTTPS – and the web address includes accounts.google.com. The only sign of the scam is the inclusion of ‘data.text/html’ before accounts.google.com in the address bar.

Entering in account credentials will send that information directly to the attackers. The response is lightning quick. Account credentials are immediately used to log into the victim’s account. Before the victim even suspects they have been scammed, the entire contents of their Gmail account could be stolen, including sent and received emails and the address book. Contacts will be subjected to these Gmail phishing attacks in the same fashion.

Google is aware of the scam and is currently developing mitigations to prevent these types of attacks from occurring. In the meantime, however, users of Gmail should be particularly wary. Many users just glance at the address bar and look for the HTTPS and the web address. Failure to very carefully check the address bar and protocol before entering login credentials can – and certainly will in this case – result in the user’s account being compromised. Gmail accounts contain a huge amount of personal information. Information that could be used in future spear phishing attacks, extortion attempts, and other scams on the target and their contacts.

L.A. County Victim of One of the Largest Phishing Attacks in the United States

by titanadmin | Jan 3, 2017 | Email Scams, Phishing & Email Spam, Spam News |

Last month, L.a. County reported one of the largest phishing attacks in the United States. A single phishing campaign directed at Los Angeles County employees saw an incredible 108 individuals fall for the scam. Each employee that responded to the campaign inadvertently divulged their email credentials to the attacker. 108 email accounts were compromised as a result of the one phishing campaign.

While it is not known whether the individual behind the campaign successfully retrieved any data from L.A County email accounts, the compromised email accounts were a treasure trove of sensitive information. The email accounts contained the sensitive information of more than 750,000 individuals.

While the announcement of the phishing attack was only made in December, the actual incident occurred on May 13, 2016. In contrast to the phishing and spam email campaigns of old that contained numerous spelling mistakes, grammatical errors, and bordered on the unbelievable, this campaign was expertly crafted. The attacker used realistic text and images, hence the reason why such a large number of employees fell for the scam.

Fortunately for L.A. County, the phishing attack was identified promptly – within 24 hours – therefore limiting the damage caused. A detailed forensic investigation revealed that 756,000 individuals had their sensitive information – including Social Security numbers and protected health information- exposed as a result of the attack.

There was further good news. The lengthy investigation confirmed the identity of the attacker, a Nigerian national – Austin Kelvin Onaghinor. A warrant has been issued for his arrest. Bringing that individual to justice may be another matter. Extraditing foreign nationals to the United States can be a difficult and long winded process. However, L.A District Attorney Jackie Lacey has vowed to “aggressively to bring this criminal hacker and others to Los Angeles County, where they will be prosecuted to the fullest extent of the law.”

Phishing attacks on this scale are unfortunately not that rare. Cybercriminals are becoming much better at crafting convincing emails and gaining access to corporate email accounts. All too often, the phishing attacks are not identified quickly, giving criminals plenty of time to exfiltrate data from compromised accounts. Many phishing campaigns are conducted to obtain network credentials and other information that can be used to gain a foothold in corporate networks. Once access is gained, all manner of nefarious activities take place.

This L.A. County phishing scam clearly demonstrates that employees are the weakest link in the security chain, which is why cybercriminals are committing more time and effort into phishing attacks. It is far easier to compromise an email account or gain access to a network if an employee provides their login credentials than attempting to find a chink in advanced cybersecurity defenses.

Protecting against phishing attacks requires an advanced spam filtering solution. Without such a solution in place, organizations have to rely on employees identifying emails as malicious. Something which is becoming much harder to do as cybercriminals perfect their social engineering techniques.

Blocking phishing emails and preventing them from being delivered to inboxes is the single-most effective solution to counter the phishing threat. Along with staff anti-phishing training and anti-phishing exercises, organizations can mount a defense against such attacks and avoid the not inconsiderable mitigation costs. Providing credit monitoring and identity theft protection services to 756,000 individuals is a sizeable cost for any organization to absorb.

Holiday Season Scams Aplenty as Black Friday Draws Closer

by titanadmin | Oct 31, 2016 | Email Scams, Phishing & Email Spam, Spam News |

Thanksgiving weekend sees Americans head on line in the tens of millions to start online Christmas shopping in earnest and this year the holiday season scams have already started.

Black Friday and Cyber Monday are the busiest online shopping days, but some retailers are kickstarting their promotions early this year and have already started offering Black Friday deals. Amazon.com for example launches its first Black Friday offers tomorrow, well ahead of the big day on 25th November.

It is no surprise that retailers are trying to get ahead. 41% of shoppers start their holiday shopping in October according to a recent National Retail Federation survey. 41% of shoppers wait until November. 82% of shoppers like to make an early start, and this year so are the scammers.

A popular tactic used by cybercriminals is typosquatting – the registration of fake domains that closely match the brand names of well-known websites. Phishers use this tactic to obtain login credentials and credit card numbers. In recent weeks, there has been an increase in typosquatting activity targeting banks and retailers.

A fake domain is registered that closely matches that of the targeted website. For instance, the Amaz0n.com domain could be purchased, with the ‘o’ replaced with a zero. Alternatively, two letters could be transposed to catch out careless typists. A website is then created on that domain that closely matches the targeted website. Branding is copied and the layout of the genuine site is replicated.

There is another way that scammers can take advantage of careless typists. Each country has its own unique top level domain. Websites in the United States have .com. Whereas, websites registered in the Middle Eastern country of Oman have the .om domain. Scammers have been buying up the .om domains and using them to catch out careless typists. In the rush to get a holiday season bargain, many users may not notice they have typed zappos.om instead of zappos.com.

Visitors to these scam websites enter their login credentials as normal, yet all they are doing is giving them to the attackers. The scammers don’t even need to spoof an entire website. When the login fails, the site can simply redirect the user to the genuine site. Users then login as normal and complete their purchases. However, the scammers will have their login credentials and will be able to do the same.

However, many websites now have additional security features to prevent the use of stolen login credentials. If a login attempt is made from an unrecognized IP address, this may trigger additional security features. The user may have to answer a security question for example.

Some scammers have got around this problem. When a user attempts to login on a scam site, a login session is automatically opened on the genuine website. The information entered on the scam site is then used by the attackers on the genuine site. When the unusual IP address triggers an additional security element, this is then mirrored on the scam site with the same question forwarded to the user. The question is answered, and an error message is generated saying the login was unsuccessful. The user is then redirected to the genuine site and repeats the process and gains access. Chances are they will be unaware their account details have been compromised. Hours later, the scammers will login to the genuine site using the same credentials.

Businesses must also exercise caution at this time of year and should take steps to reduce the risk of employees falling for holiday season scams. Employees keen to get the latest bargains will undoubtedly complete some of their purchases at work.

Email scams increase at this time of year and business email accounts can be flooded with scam emails. Offers of discounts and special deals are likely to flood inboxes again this year. Email holiday season scams may not be about stealing login credentials. Given the increase in malware and ransomware infections in 2016, this holiday season is likely to see many holiday season scams infect businesses this year. A careless employee looking for an online bargain could all too easily click a link that results in a malware download or ransomware infection.

As holiday season fast approaches, the scammers will be out in force. It is therefore important for both businesses and consumers to take extra care. If you want to find out how you can protect your business from malware and ransomware, contact the TitanHQ team today and find out more about our security solutions.

Latest PayPal Email Scam Appears to Use Genuine PayPal Email Account

by titanadmin | Jul 30, 2016 | Email Scams, Phishing & Email Spam, Spam News |

A highly sophisticated PayPal email scam has been uncovered that is being used to deliver banking malware. Rather than promise the email recipient a sum of money or the opportunity to claim an inheritance from a long lost relative, this PayPal email scam claims a payment has been made to the victims account and that the money needs to be refunded.

The scam emails say that $100 has been fraudulently sent to the victims account and a refund is requested. The emails contain PayPal logos and appear to have been sent directly from PayPal. The emails appear to have been sent from the members@paypal.com email account. The message contains the subject line “You’ve got a money request”.

It is not clear how the attacker has managed to spoof the PayPal email account, or how the email manages to bypass the spam filter of Gmail.

If the victim responds to the email and makes the payment they will have lost $100; however, that is not all. The victim will also have malware loaded onto their computer. The malware will be loaded automatically regardless of whether the payment is made.

A link is contained in the email which the user must click to find out more about the transaction. The link contains a shortened URL and directs to a document detailing the transaction. The document has a goo.gl address and the link appears to be a jpeg image of the transaction details.

However, clicking the link will result in a javascript (.js) file being downloaded onto the victim’s computer. The script will download a flash executable file, which will install the malware if it is run.

Chthonic Banking Malware Delivered via PayPal Email Scam

The malware that is installed is a variant of the infamous Zeus banking malware – Chthonic. This malware has been programmed to inject its own code and images into banking websites. When the victim visits their online banking website the malware captures login names, passwords, PIN numbers, and answers to security questions. Many banking malware variants target a small number of financial institutions; however, Chthonic is capable of recording information entered into more than 150 different banking websites. Victims are primarily in the UK, US, Russia, Japan, and Italy.

Chthonic isn’t the only malware delivered. Researchers at Proofpoint have determined that an additional previously unknown malware variant called AZORult is also installed onto victims’ computers. Little is known about this new malware variant.

New Game of Thrones Phishing Scam Uncovered

by titanadmin | Jul 11, 2016 | Email Scams, Phishing & Email Spam, Spam News |

A new, sophisticated Game of Thrones phishing scam has been uncovered which is targeting individuals who illegally download pirated copies of the HBO series. Game of Thrones is the most pirated TV show in history, with many individuals choosing to illegally download the latest episodes to get their GOT fix. This has not escaped the attention of scammers.

Game of Thrones Phishing Scam Emails Sent via ISPs

The scammers have used an innovative trick to make their scam more realistic. The emails claim to have been sent by IP-Echelon, the company that is used by HBO and other entertainment companies to enforce copyright claims. IP-Echelon has already sent many copyright infringement emails to illegal downloaders of movies and TV shows on behalf of a number of companies.

The Latest Game of Thrones phishing scam uses emails that appear to have been generated by IP-Echelon. The emails are extremely well written and contain the same language that is used by the organization when sending out legitimate notices to ISPs.

The ISPs, believing the copyright infringement notices to be genuine, then forward the emails to customers. Since the notice is sent by the ISP, the Game of Thrones phishing scam appears to be genuine.

The customer is told that they must settle the case promptly – within 72 hours – in order to avoid legal action. To settle the case, the customer must visit a link to review the settlement offer and make payment. Failure to do so will see that settlement offer withdrawn. The email says that the settlement about will increase as a result.

The scam has been run in the United States, although there have been a number of reports of individuals in Canada, Europe, and Australia also having been targeted with the same email scam.

A Convincing Phishing Scam That Has Fooled Many ISPs

It is unclear at this point whether the scammers are specifically targeting individuals who have accessed torrent sites and have downloaded torrent files, or whether the emails are being sent out randomly. Some individuals have taken to Internet forums to claim that they have not performed any illegal downloads, while others have been using torrent sites to illegally download TV shows and movies.

HBO has previously taken action over illegal downloaders and has used IP-Echelon to send out notices very similar to those being used by the scammers. Since the Game of Thrones phishing scam appears to be so realistic, many illegal downloaders may be fooled into making the payment. However, that payment will go directly to the scammers.

As is the case with all email requests such as this, the recipient should take steps to verify the authenticity of the email prior to taking any action. Contacting the company that sent the message – using the contact telephone number on the company’s official website – is the best way to confirm authenticity. Email recipients should never use any contact information that is sent in the email body.

Some ISPs have taken steps to confirm the authenticity of the emails and have discovered they are a scam, but not all. Many have been forwarded on by ISPs who believed the scam emails to be legitimate.

Beware of Brexit Phishing Attacks

by titanadmin | Jul 5, 2016 | Email Scams, Phishing & Email Spam, Spam News |

The EU referendum that recently took place in the United Kingdom has sparked a spate of Brexit phishing attacks. Brexit – a contraction of British exit from the European Union – has caused considerable economic turmoil in the UK and a great deal of uncertainty about the future. It is not only the UK that has been affected. The decision of 52% of British voters to opt to leave the EU has had an impact on markets around the world.

Whenever a big news story breaks, criminals seek to take advantage. Cybercriminals have been quick to take advantage of the UK EU referendum result and have launched a wave of Brexit phishing attacks which trick people into downloading malware onto their computers.

The Brexit phishing attacks are being conducted using spam email messages. Attackers are sending out emails in the millions with subject lines relating to the Brexit result. The emails play on fears about the uncertainty of the financial markets, the economic turmoil that has been caused, and the political upheaval that has followed.

The emails contain malicious attachments which, if opened, install malware onto the victims’ computers. Many email messages contain links to malicious websites where drive-by malware downloads take place. Some of the emails offer victims help to keep their bank accounts and savings protected from currency fluctuations. In order to protect accounts, the victims are required to divulge highly sensitive information such as bank account details via scam websites.

The malware being sent is capable of logging keystrokes made on computers. These malicious software programs then relay sensitive information such as online banking login information to the attackers, allowing them to make fraudulent transfers.

All computer users should be extremely wary about unexpected email messages. Opening file attachments sent from unknown senders is risky and may result in malware being loaded onto computers. Ransomware can also be installed. The malicious software locks files until a ransom payment is made to the attackers.

Any email that contains a link to a news story should be deleted. The story will be covered by the usual news websites if it is genuine. Those sites should be accessed directly through the browser or via the search engines.

Organizations can protect their networks and users from Brexit phishing attacks and other malicious spam email campaigns by installing a spam filtering solution such as SpamTitan. SpamTitan captures more than 99% of spam email, preventing phishing emails from being delivered.  This reduces reliance on employees being able to identify a phishing scam or malicious email.

Spate of Facebook Phishing Attacks Reported

by titanadmin | Jul 4, 2016 | Email Scams, Phishing & Email Spam, Spam News |

Facebook phishing attacks are fairly common. The website has 1.65 billion active monthly users, a considerable number of which access the social media platform on a daily basis. With such a huge number of users, it is understandable that criminals often target users of the platform.

However, the latest phishing scam to target Facebook users is notable for the speed and scale of the attacks. Kaspersky Lab reports that the latest Facebook phishing attacks have been claiming a new victim every 20 seconds.

The Facebook phishing attacks took place over a period of two days, during which time more than 10,000 Facebook users had their computers infected with malware.

The phishing scam involves site users being sent a message from their ‘friends’. The messages say the user has been mentioned in a comment on a Facebook post. However, when they respond to the message they download a Trojan onto their computers and inadvertently install a malicious Chrome browser extension. In the second phase of the attack, the Trojan and the browser extension are enabled.

When the victim next logs into Facebook the login details are captured and sent to the attacker. This gave the attackers full control of the victims’ Facebook accounts. This allows them to make changes to the privacy settings, steal data, and send their own messages to all of the victims’ contacts on Facebook. The attacks were also used to register fraudulent likes and shares.

The attackers took steps to prevent the infections from being detected. The malware was capable of blocking access to certain websites which could potentially result in the victims discovering the malware infection. The websites of a number of cybersecurity sites were blocked, for instance.

The phishing attack mostly affected Facebook users on Windows computers, although Kaspersky Lab noted that Windows mobile phones were also compromised in the attacks. Individuals who accessed Facebook via Android and Apple phones were immune.

The attacks concentrated on users in South America, with Brazil the worst hit, registering 37% of the Facebook phishing attacks. Columbia, Ecuador, Mexico, Peru, and Venezuela were also heavily targeted. Attacks in Europe were mostly conducted on users in Poland, Greece, and Portugal, with Germany and Israel also hit hard.

The malware used in the latest Facebook phishing attacks is not new. It was first identified about a year ago. Kaspersky Lab reports that the attackers are most likely of Turkish origin, or at least Turkish-speaking.

What sets this phishing scam apart from the many others is the speed at which users were infected. However, the response to the attacks was also rapid. Users who discovered infections spread the news on Facebook, while the media response helped to raise awareness of the scam. Google has also taken action and has now blocked the malicious Chrome extension.

CEO Fraud Scams are a Growing Concern and IT Pros are Worried

by titanadmin | Jun 29, 2016 | Email Scams, Phishing & Email Spam, Spam News |

Cybercriminals are conducting CEO fraud scams with increasing frequency and many organizations have already fallen victim to these attacks. Many companies have lost tens of thousands of dollars as a result of these criminal attacks. In some cases, companies have lost hundreds of thousands or millions of dollars.

What are CEO Fraud Scams?

CEO fraud scams involve an attacker impersonating the CEO of an organization and sending an email to the CFO requesting a bank transfer to be made. The account details of the attacker are supplied, together with a legitimate reason for making the transfer.  Oftentimes, these scams involve more than one email. The first requests the transfer, followed by a second email with details of the amount and the bank details for the transaction. By the time the fraudulent transfer is discovered, the funds have been withdrawn from the account and cannot be recovered.

The FBI has issued warnings in the past about these CEO fraud scams. A spate of attacks occurred in Arizona recently. The average transfer request was between $19,000 and $75,000. An April 2016 FBI warning indicated $2.3 billion in losses had been reported between October 2013 and February 2016, with CEO fraud scams increasing by 270% since January 2015.

By training all employees on the common identifiers of phishing emails and also to be more security aware, organizations can reduce the risk of attacks being successful. However, while training is often provided to employees, it is not always given to executives and the CEO. According to a recent survey conducted by Alien Vault, only 44% of IT security professionals said every person – including the CEO – received training on how to identify a phishing email.

Protecting Against CEO Fraud Scams

It is possible to take steps to prevent CEO fraud scams. Email security solutions – SpamTitan for example – can be configured to prevent emails from spoofed domains from being delivered; however, if the email comes from the account of a CEO, there is little that can be done to prevent that email from being delivered. It is therefore essential that training is provided to all members of staff – including executives – on phishing email identification techniques.

Alien Vault polled 300 IT security professionals at Info Security Europe 2016 to determine how prepared organisations were for phishing attacks and what steps had been taken to reduce risk. The results of the survey show that the majority of organisations now provide training to reduce risk, although almost one in five are not taking proactive steps to reduce the risk of phishing and CEO fraud scams.

Almost 45% of companies said they train every single person in the organization on phishing email identification techniques, while 35.4% said that most employees are trained how to identify malicious emails. 19.7% said they do not take proactive steps and deal with phishing problems as and when they occur.

37% of Executives Have Fallen for a Phishing Scam

Out of the 300 respondents, 37% reported that at least one executive had fallen for a phishing scam in the past, while 23.9% of respondents were unaware if they had. However, even though many had experienced phishing attacks, IT security professionals were not confident that such attacks would not happen again in the future.

More than half of respondents believed that company executives could fall for a scam, while nearly 30% said that if the scam was convincing, their executives may be fooled. Only 18.5% said that their executives had been thoroughly briefed and were well aware of the dangers and would not fall for such a scam.

CEO fraud scams can be extremely lucrative for attackers, and oftentimes a considerable amount of time is spent researching companies and crafting clever emails. A variety of social engineering techniques are used and the emails can be very convincing.

Training is important, but it is also vital that efforts are made to ensure the training has been effective. The best way to ensure that all individuals have understood the training is to conduct phishing exercises – Sending dummy phishing emails in an attempt to get a response. This allows IT departments to direct further training programs and ensure that weak links are addressed.

Spam King Gets 30 Months Jail for 27 Million Message Spam Campaign

by titanadmin | Jun 16, 2016 | Email Scams, Phishing & Email Spam, Spam News |

The self-proclaimed Spam King, Sandford Wallace, has been sentenced to 30 months in jail for a Facebook spam campaign conducted between November 2008 and February 2009.

Wallace hacked approximately 550,000 Facebook accounts and used those accounts to post spam messages to users’ walls which directed their Facebook followers to webpages which harvested login credentials and other personal information.

For each account that was compromised, Wallace gathered details of the users’ friends and posted spam messages to their walls. Wallace used an automated script to sign into the hacked accounts and post spam messages. In total, more than 27 million spam messages were sent via those accounts. Wallace was allegedly paid for sending traffic to websites via the spam messages. Wallace’s activities earned him the nickname “Spamford” Wallace.

It has been widely reported that Wallace was a career spammer, having first made a business out of spamming in the 1990’s with a company called Cyber Promotions. The company was reportedly sending around 30 million spam emails a day.

Wallace had been found guilty of Internet offenses in civil cases in the past, resulting in a fine of $4 million in 2006 for use of malicious popup adverts and a fine of $230 million for phishing attacks via MySpace in 2008. This is the first time the spam king has received a criminal conviction for his online activities.

Wallace was indicted in 2011 for the improper accessing of Facebook accounts and for sending unsolicited adverts on three occasions, spread over a period of 4 days. He was banned from accessing Facebook, yet violated the court order resulting in a charge of criminal contempt of court. Wallace was released on a bond, and while he was due to be sentenced in December, the case had to be delayed after two of Wallace’s lawyers quit.

The Spam King’s campaigns have resulted in him being ordered to pay more than $1 billion in damages, although Wallace was unable to pay the civil fines.

Wallace was convicted of one count of fraud and related activity in connection with electronic mail and one count of criminal contempt. The Office of the United States Attorney for the Northern District of California recently announced the sentence, which was passed down by Judge Edward J. Davila.

In addition to the jail term, the spam king has been ordered to pay fines of over $310,000. Wallace could have received a maximum jail term of three years. Wallace will also be required to undergo 5 years of supervised release once the sentence has been served. That sentence begins on Sept, 7, 2016.