Pump-and-dump stock spam makes a comeback

Anatomy of a pump-and-dump scam

Spam comes in different varieties: From Spam Classic to Spam with Bacon. Similarly, spam email arrives in inboxes in various flavours, ranging from offers of knock-off brands of 'male enhancement' pills to promises of fabulous wealth from West African princes.

Just as electronic messaging revolutionised the business of degree mills churning out worthless diplomas for suckerssomewhat academically challenged students, it also made the business of parting fools from their money using stock manipulation a lot more effective.

The so-called 'pump and dump' scam involves massively inflating the stock price of companies, shares in which would otherwise trade for low prices and at a low volume. In the days before the Internet entered its September that never ended and access to email became widespread, cold calling in boiler room operations was the typical modus operandi.

But thanks to the Internet, another industry has benefitted from disruptive innovation. Spam email, and to a lesser extent other online media such as forums and blogs, made the business of pump and dump a lot easier.

And pump and dump spam, after a lull late in the first decade of the 2000s, is on its way back according to security experts.

"For a while there were huge amounts – you could actually see global spam volumes just being pushed up by pump-and-dump scams," said Sean Richmond, senior technology consultant for Sophos Australia and New Zealand.

The idea behind the scam is that "spammers purchase stock trading at very low levels at very cheap prices, then they artificially inflate the stocks' price by convincing other people to come in," Richmond said.

The stocks generally targeted are so-called 'penny stocks': Cheap shares in companies that aren't listed on the big exchanges and aren't generally subject to the same regulatory scrutiny that larger public companies are.

Spam emails with subject lines such as "WE HAVE A HOT NEW TRADE IDEA COMING TOMORROW MORNING!" and "Is growing at extreme rate, might rally big?" convince people that they could get in at the ground floor before a company experiences significant growth in share prices. Sophos' Richmond says that almost invariably, the spammers don't have any connection to the company whose stock they've targeted. As people buy shares, it pushes the price up and encourages further investment – and then, typically, the share price experiences a precipitous drop as the spammers make their exit.

Security vendor Symantec has noted a drastic increase in stock spam.

One target for the resurgent wave of penny stock spam has been Get Real USA Inc: A small, US-based film production company. A global onslaught of spam email with subject lines such as 'TRADING ALERT: Important Details, Time Sensitive (Don't Miss This, Seriously)' compelled the company to change the home page on its website to warn against purchasing stock based on the email.

The company is listed on the exchange of OTC Markets Group, where it's part of the OTC Pink group: Companies not required to be registered with the US Securities and Exchange Commission. OTC Markets currently posts a warning for Get Real stating that there "is a public interest concern associated with the company which may include a spam campaign, questionable stock promotion, known investigation of fraudulent activity committed by the company or insiders, regulator suspensions, or disruptive corporate actions."

The share price of the company started to climb in late April, presumably in concert with the spam campaign's start. On 1 April, shares were trading for $0.007; by 1 May, shares were trading for $0.01 and the number of shares being traded had skyrocketed.

"It has been three weeks now," the company's president, Frank Weber Jr., said. "My only guess is someone is trying to wreck the company."

In conjunction with the spam pushing people to buy shares, a number of spam blogs have promoted the company.

Sophos' Richmond said that types of spam "tend to go in waves". When it comes to pump-and-dump scams, it's not unusual to see email spam accompanied by forum postings and the use of social networks, LinkedIn for example, and wire services to promote a stock.

After SEC intervention and a number of arrests – including a man in Arizona being sentenced to half a decade in prison – as well as the impact of the GFC on people's willingness to spend money, stock spam started to drop, Richmond said. In 2008, at a peak for the scam, pump-and-dump spam comprised around a quarter of all spam email, but it had started to decline

However, Trustwave security research lead Phil Hay told Computerworld Australia that stock spams have "skyrocketed" this year. Dating spam has also increased significantly, while another mainstay of spammers, pharmaceutical spam, has "dropped to very low levels".

Graph courtesy of Trustwave SpiderLabs.
Graph courtesy of Trustwave SpiderLabs.

Click here for a high resolution version.

"These changes reflect the waxing and waning of individual botnets and the changing nature of the various affiliate programs that the botnet operators sign up to," Hay said.

Trustwave has pegged Kelihos as the culprit for the resurgence in penny stock spam. Kelihos is a botnet that has been pronounced dead - at least twice.

Rohan Pearce is the editor of Techworld Australia and Computerworld Australia. Contact him at rohan_pearce at idg.com.au.

Follow Rohan on Twitter: @rohan_p

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags spamSpammers

More about SECSecurities and Exchange CommissionSophosSymantecTrustwaveWest

Show Comments