Just recently an $873 million fine was given to a Canadian who sent approximately four million spam messages to Facebook users. The man guilty, Adam Guerbez, obtained login information via phising and other third parties and spammed users' walls and inboxes with a plethora of advertisements (everything from male enhancement drugs and advertisements for marijuana). Adam Guerbez owns a company called "Atlantic Blue Capital", which was involved in the spamming, and is also facing charges. Bots (which were created and controlled by Guerbez) signed into the hacked accounts and sent the spam messages to the hacked users' friends. Regarding the nature of the crime, Facebook stated: "The voluminous and illicit nature of defendants' advertisements has tainted the Facebook experience for affected Facebook users". Many of the messages were decieving at first sight and were written in a manner that friends would write to eachother.
Facebook sued Guerbez under the CAN-SPAM act of Canada (the CAN-SPAM act has been active since 2004) for a grand total of $837M. In the CAN-SPAM system, one can be sued for a total of $11,000 per each individual violation (but in this case, the fines were doubled due to "aggravated circumstances"). Guerbez has been oficially banend from Facebook, forbidden to access the page or even ask people to acess the page on his behalf. According to the CAN-SPAM act, businesses that send unsolicited emails must identify the messages as advertisements, followed by a link that users can click to unsuscribe from receiving messages (similarly to when you unsuscribe to a mailing list). I personally believe that $873 million is way overboard for spamming, but it sure will make people think twice before they decide to mess with Facebook. Facebook should learn from the mistake and find ways to minimize phishing, perhaps creating a personalized security code that appears on your computer when you sign in (similarly to what Yahoo mail uses).