Spam on 'pump-and-dump' stock scams on the rise

By Erwin Lemuel Oliva INQ7.net

SPAM promoting pornography has been declining over the last six months but there has been an increase of unsolicited e-mail pushing so-called "pump-and-dump" stock scams, Sophos anti-virus experts have said.

"Over the last six months, we've seen medication and mortgage spam retain their notorious ranking atop the spam charts, while unsolicited pornography, though still accounting for about 10 percent of all spam, is slipping downward," said Gregg Mastoras, senior security analyst in the Lynnfield-based Sophos.

He said that the most interesting development is the increased volume of stock scam spam, representing a new financial threat to naive online investors.

Mastoras explained that the pump-and-dump stock racket aims to artificially boost the price of a company's stock by spreading misleading or false information to potential investors via e-mail.

According to the website of the US Securities and Exchange Commission, the fraudsters make money by selling their stock after the campaign results in a buying frenzy that pushes the stock price up.

"Typically targeting micro-cap companies’ stock, once these fraudsters dump their shares, and then stop advertising the stock, the price often falls, and investors ultimately lose their cash," the Sophos expert said, noting that pump-and–dump stock campaigns tend to run for short durations.

Some of the information provided in pump-and-dump spam is accurate, but the deceptive and unsolicited nature of the messages qualifies them as spam, Sophos said.

The majority of stock scam spam campaigns employ obfuscation techniques, using word variations such as "st0ck" or "stox" to avoid detection by spam filters. They also arrive in different formats, such as HTML or plain text, and are almost always sent via hijacked PCs known as zombies.

"Social engineering through e-mail, where scam artists take advantage of unsophisticated computer users, is on the rise and represents a dangerous trend," added Brian Burke, IDC Research Manager.

"Stock scams, combined with traditional phishing techniques, can result in significant financial loss for victims of these swindles."

Meanwhile, unsolicited pill or medication e-mail, including generic or non-brand name versions of Viagra and other pharmaceuticals, still account for over 40 percent of all spam traffic worldwide.