Yahoo! today said that it has been awarded a $610 million default judgment, handed down by a federal judge in New York, against spammers responsible for a fake Yahoo! lottery email scheme. In the scheme, spammers sent emails to users, trying to trick them into believing they had won a lottery prize from Yahoo!.
Court documents show that Yahoo! estimated the defendants had sent at least 11,660,790 hoax emails from December 2006 through May 2009.
The judgment ends a multi-year lawsuit that began in 2008. The judge found the defaulting defendants jointly and severally liable as participants in a conspiracy under New York common law. The $610 million judgment was based on statutory damages award for trademark infringement in the amount of $27 million and a statutory damages award for violation of the CAN-SPAM Act in the amount of $583 million. Each violation of the CAN-SPAM Act (per email!) is subject to penalties of up to $16,000. Yahoo! said it was also awarded attorneys’ fees.
This scheme was an effort by cybercriminals to encourage users to divulge revealing personal data such as passwords, credit card information, and social security numbers. Some of the “winners” were also tricked into sending the defendants money for processing and mailing charges.
“Yahoo! takes the protection if its users and its brand very seriously,” said Christian Dowell, legal director, Global Brand Protection. “Our ultimate goal is to ensure that users continue to trust Yahoo! as the leading U.S. email provider.”
While $610 million would be a great thing for the somewhat struggling Internet media company, it’s highly unlikely that it will ever see any of the reward. While cybercrime is profitable, it’s unlikely the defendants have $610 million in their coffers.
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
More from Mike Lennon
- ‘No Evidence’ of Cyberattack Related to FAA Outage, White House Says
- SecurityWeek to Host 2022 ICS Cybersecurity Conference October 24-27 in Atlanta
- Google Completes $5.4 Billion Acquisition of Mandiant
- Cybersecurity Firm ZeroFox Begins Trading on Nasdaq via SPAC Deal
- HUMAN Security and PerimeterX Merge on Mission to Combat Bots
- Last Call: CFP for ICS Cybersecurity Conference Closes July 15th
- Johnson Controls Acquires Tempered Networks to Shield Buildings From Cyberattacks
- Snowflake Launches Cybersecurity Workload to Find Threats Across Massive Data Sets
Latest News
- Malicious NPM, PyPI Packages Stealing User Information
- VMware Confirms Exploit Code Released for Critical vRealize Logging Vulnerabilities
- 98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis
- Dutch, European Hospitals ‘Hit by Pro-Russian Hackers’
- Gem Security Gets $11 Million Seed Investment for Cloud Incident Response Platform
- Ransomware Leads to Nantucket Public Schools Shutdown
- Stop, Collaborate and Listen: Disrupting Cybercrime Networks Requires Private-Public Cooperation and Information Sharing
- Boxx Insurance Raises $14.4 Million in Series B Funding
