Stock pump-and-dump spam makes comeback
News of the global debt crisis is driving pump-and-dump stock scams in volatile markets, enabling spammers to make profits by artificially "pumping" up stock prices so as to sell cheaply purchased stocks, note a new report by Symantec.
Released Monday, the Symantec August 2011 Intelligence Report revealed that spammers are seeking to reap from fluctuations in the turbulent financial markets, by sending large amounts of spam related to certain "pink sheets" stocks, in an attempt to "pump" the value of these stocks before "dumping" them at a profit.
"Pink sheets" are typically over-the-counter stocks of companies that are not required to submit financial statements to the U.S. Securities and Exchange Commission.
"With the world still reeling from the recession, the stock markets are now in turmoil from the increasingly global credit crisis and the specter of a 'double dip recession', whereby the [world] economy is expected to again tank after a brief rally," said Samir Patil, a security researcher at Symantec, in a blog post.
According to Paul Wood, senior intelligence analyst at Symantec's cloud business, scammers can make "substantial profits in a matter of days" with well-executed pump-and-dump spam campaigns. "In the current turbulent environment, many people may be convinced to invest in stocks that scammers claim will benefit from the market turbulence," he pointed out in a statement.
In a typical pump-and-dump stock scam, spammers promote certain stocks to inflate the price as much as possible so they may then be sold before their valuation crashes back to reality, said Symantec. The spam for these scams tries to convince the prospective investor that the cheap or penny stock is actually worth more than its valuation, or that it will soon skyrocket.
However, most of these claims are misleading or false, the vendor warned in its report.
In a successful campaign, the influx of spam will artificially drive the stock's price to a point where scammers decide to sell their shares. This usually coincides with them ending the spam campaign, which could reduce interest in the stock, helping to drive the valuation back to its original low price, which could also be exploited in the market.
Most of the pump-and-dump spam originate from the United States and China, while a percentage is being generated from other countries in Asia. The majority of the attacks target North American users, Symantec revealed.
The report also noted a deluge of penny stock spam promoting Resource Exchange of America Corp (RXAC.PK) stocks whereby messages were full of irrelevant line breaks and spaces between words.
The e-mail headers contained broken words such as "Stoc ks" and "m oney" with poorly translated non sequiturs throughout the message such as "United States still an AAA country, Obama says?!".
Other examples of e-mail subjects include "Stoc ks Ready to Bounce?", "There is a MASSIVE PROMOTION underway NOW!" and "Been right on the m oney".
In order to avoid falling prey to e-mail scams such as pump-and-dump scams, users should create a spam filter, never respond to spam and get multiple e-mail addresses for multiple purposes, Stephanie Boo, regional director for Symantec's cloud business, advised.
"The Internet world is a borderless one. Today's volume and sophistication of threat activities have increased substantially and cybercriminals continue to be motivated by financial gains," she said in an e-mail. "Pump-and-dump scams are just one of the many tactics that cybercriminals leverage to attack consumers and enterprises alike."