By Matt Sergeant
August was a busy month for cyber criminals, according to the August 2011 Symantec Intelligence Report. While phishing levels were one in 229.9 forCanadathis month, spammers were also busy taking advantage of the recent financial market fluctuations.
“Pump-and-dump stock” scams have become popular among hackers hoping to generate profits on intentionally overvalued penny stocks, or highly speculative common stocks traded at less than a dollar. Just as they sound, “pump-and-dump stocks” are promoted (“pumped”) by their owners in order to inflate the price of the stocks as much as possible so that they may then be sold (“dumped”) before their valuation decreases to the original price. Using this scam, cyber criminals attempt to convince the prospective mark that the penny stock is actually worth more than its valuation, or that it will soon skyrocket, using false or misleading information.
When successful, these misleading scams can artificially drive up the price of the stock to a point where the scammers decide to sell their shares, ending the spam campaign and lowering the stock’s valuation back to its original price.
Most “pump-and-dump” stock email scams have been targeting North American users, and can be identified by the random line breaks and spaces between words and sentences, or poorly translated texts within the body of the message or email subject lines.
Examples of email “pump-and-dump”stock scams
[August 2011 Symantec IntelligenceReport]
As cyber criminals continue to leverage timely news and events to steal confidential information for profitable gains, online users should consider best practices when surfing the web or opening emails at home and in the workplace. Aside from installing and updating the latest Internet security and antivirus software, users should be suspicious of emails from unknown sources with subject lines referencing timely news or events or obscure topics. Users should also exercise caution when opening attachments and URLs in emails and on social networking sites, even if they are being shared by friends and colleagues.
Matt Sergeant, is a senior anti-spam technologist for Symantec Corp.