Spammers lead pump and dump campaign
- 06 July, 2006 12:05
Spammers are profiting from share manipulation by coaxing victims into investing in junk bonds.
The spammers purchase cheap shares (which artificially raises the stock price) and sell them off as victim investment raises their value further.
Internet security analyst firm Sophoslabs calls the spam technique a "stock, pump and dump campaign" and said it accounts for about 15 percent of all spam, up five percent from last year.
Sophoslabs' head of technology for Asia Pacific Paul Ducklin said the campaign is effective because it uses the stock exchange as a legal forum, rather than offering malicious attachments or links, or attempting to gain personal details.
"The call to action is that you go away and invest in legitimate, legal companies which are totally disconnected from the malicious spamming," Ducklin said. "There are no malicious links or applications in the e-mails, so the user feels safe."
He said inexperienced users are convinced of the scam's legitimacy when they see the share value rise on the exchange.
"When these junk bonds rise sharply in value it is almost too much of a coincidence to believe they are legitimate," he warns.
Ducklin said that although he has not seen spammers using the ASX (junk bonds are usually de-listed), campaigns are not restricted by national borders.
"A spammer could live in Venezuela, selling stocks from Canada via a botnet in Israel to customers in Australia," he said.
Users need not be gullible, according to Ducklin. He said spammers steal professional designs and replace minor details to include the junk bonds and an almost invisible code designed to fool anti-spam software.
"It's not difficult to create the flyers; you rip the content from professional marketing campaigns and change the details to match the share you're selling," he said. "The better versions have faded text designed to be difficult to see with a naked eye, but is enough to fool some conventional spam software."
Sophoslabs reported several examples of the spam campaign which used a small cosmetics company and an e-mail string telling users to sell particular shares rather than buy - most recently in a company called Digital Learning Corporation.
Sophoslabs' senior technology consultant Graham Cluley said the same degree of caution used when opening unsolicited e-mail attachments or supplying personal details should also be applied to any purchase or response based on unverified stock advice.
"People should think twice about why someone they've never heard from before might be telling them which shares to buy," Cluley said.
Ducklin recommends a "don't try, don't buy and don't reply" method and said this should be applied to any e-mail that requests credit details, identification or investment.
"The 'don't try' is particularly important - users feel comfortable because they are buying from the market, not the scammers," he said. "We used to say [the campaigns] are almost too good be true; now we say they are simply false."