@tonymazzRegarding the account details you posted, unfortunately, there isn't anything shown there that would allow the code to identify it as a fake account. While a person can look at it and see that it is fake, from a coding point of view, it is legitimate since it has valid entries for an account.
I suppose a check could be added to see if the street address contained number and letters, or if just letters (which can happen) that it be at least two words. But that might be chasing a never ending list of possibilities.
Another check could be to see if the state and country match. Those details are in the database so it would not be difficult to check them. I will plan on adding this as an option.
Another check could be the post code. According to Wikipedia, the postal code of all countries that use one has at least one number in it. I will plan on adding this as an option.
You don't mention if you are using the IP List option. If not, you should be. And make sure to set up a cron job for it or the list won't be useful.
If you can identify some common letters that are not normally used, you can include those in the bad words option. For example, the suburb has an entry ending in "vxqd". I can't imagine word from any country using that. The entries in the fields are probably just randomly created so adding words like this may not help, or only a little, unless you are seeing them used over and over.
As for sending emails, be sure you have the options set to block email addresses and url's in the forms. Depending on your version of oscommerce, there might be a setting to limit how often emails can be sent. By raising that number to something higher, like 30 minutes, it might make it difficult for the spammers to send out large numbers of emails.
That's all I can offer on this sort of problem. If you, anyone, can see something else that should be checked, please post it here.