How lucrative is pump-and-dump spam?

Summary:Are pump-and-dump spammers really making money from hyping penny stocks in e-mails? Paul Moriarty has the answer and it's an eyebrow-raising sight.

Are pump-and-dump spammers really making money from hyping penny stocks in e-mails? Paul Moriarty has the answer and it's an eyebrow-raising sight.

Over the last month, Moriarty, director of product development for Internet Content Security at Trend Micro, has been running a virtual portfolio of selling short on stocks found during spam runs. After 22 transactions in a five-week period, he has earned a whopping $25,610.

Short selling (shorting) a stock is the act of profiting from a stock price going down. A short seller will typically borrow a security and sell it, expecting that it will decrease in value so that they can buy it back at a lower price and keep the difference.

During Moriarty's research, he used data from pump-and-dump e-mails flooding into Trend Micro's spam honeypots. "As soon as I see activity on a particular stock, I'll short that and set a limit to cover after I've made 10%. In just over five weeks, I've turned a 25.6 percent profit on a $100,000 virtual portfolio. This is exactly what these spammers are doing. It's risky business but it's easy money," Moriarty said in an interview.

"I made money on every transaction," he added.

On the other hand, if he were to have fallen victim to "hot stock" e-mail tips and invested and held, Moriarty's portfolio would have been down 27.6 percent.

Pump and dump (shorting) chart
Moriarty shared his research with me after the SEC's announcement yesterday that it had suspended trading in 35 companies whose shares were promoted in spam e-mails. (See more from Larry Dignan)

Although the SEC move is to be applauded, Moriarty sees it as a double-edged sword that creates an even bigger problem.

"Pretty soon, you'll start seeing extortion schemes. The spammers will simply call up a company and demand money on the threat of a pump-and-dump spam run. Think about it, a spammer now has the power to control which stocks are suspended by the SEC," Moriarty warned.

"Pretend I'm a bad guy and you're the CEO of XYZ company. I can call you up and say, 'hey, wire $50,000 to my eGold account or I'll run a pump-and-dump scheme to halt trading on your stock. This is the next step," he added.

Botnet operators controlling billions of zombie machines commonly use extortion tactics against online gambling sites and other companies, threatening to launch crippling denial-of-service attacks if random demands aren't met. In Moriarty's mind, denying a company the ability to trade on the stock market isn't any different.

"I'll bet you a dollar to a donut that we'll see pump-and-dump extortion schemes, playing on the SEC move. They have the power to use spam to halt stock trading. They already have access to the botnet to do it so it's free and easy to them.

Topics: Security

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.