Stock spam latest scam to hit Web
Posted on Friday, February 17, 2006
URL: http://www.nwanews.com/adg/Business/146090/
E-mails touting “hot pick” stocks make up between 10 percent and 15 percent of all spam, up from less than 1 percent at the start of 2005, according to Graham Cluley, a United Kingdom-based consultant with Sophos, an Internet security firm.
And that figure may only be the tip of the iceberg, Cluley said. The stock version of spam, unsolicited bulk e-mail, is easy to send and hard to trace.
In the scam, known as “pump and dump,” an investor in a weak stock will use mass e-mails to convince other investors that the company is about to break out. Then, when the stock’s price rises, the original investor sells, often leaving the newcomers with rapidly deflating shares in a shaky company.
The stocks being hyped typically trade outside the major exchanges, often for less than $ 4 per share. E-mails, often designed to look like newsletters or news releases, promise that an imminent event will cause shares to double or triple in value.
They rarely do.
Joshua Cyr, chief technology officer at Savvy Software Inc., a Web content firm, in May started an imaginary portfolio composed entirely of “penny stocks” advertised in spam e-mail. Of 86 stocks tracked at his Web site, spamstocktracker. com, 63 have lost value since he “bought” shares. Out of the losers, 29 now trade at less than 25 percent of their starting value, and 10 went bellyup.
He said the lure of a quick buck — and not having to fork over credit-card information to an anonymous spammer — can cause normally shrewd people to invest.
But that same anonymity that appeals to potential investors may also account for pump-anddump spam’s sudden rise.
The lack of direct interaction with customers allows the e-mails to slip past even the most sophisticated spam filters, which check for warning signals, such as a link to an online order form.
It also leaves no trail back to the sender.
Pump-and-dump spammers never interact with their victims beyond the original e-mail hyping a stock. That removes the “footprint” of a Web site or credit-card transaction that anti-spam forces typically use to pursue their targets, said Brian McWilliams, author of Spam Kings, a book profiling several spammers and the vigilantes and regulators who brought them down.
The e-mails themselves are usually sent through hacked computers, so the address that appears to be the sender’s is not the actual originator of the spam, McWilliams said.
“The cliche in investigating spam is true for investigating anything : Follow the money,” McWilliams said. “That’s just so hard to do here.”
The Securities and Exchange Commission so far has taken action against only a handful of perpetrators, according to the Web site of the Office of Internet Enforcement.
But the list of suspects is always long.
“Sometimes [the company ] knows what’s going on,” said Thomas Sporkin, deputy chief of the Office of Internet Enforcement. “Sometimes a shell company has taken over and is intent on raising the value of a stock. Sometimes a company’s unaware of the intent of a third party to manipulate the stock.”
Spam that advertises Ever-Glory International Group, a California-based apparel manufacturer that operates in China, began when it acquired a public company and changed its ticker symbol on Jan. 12.
Although Ever-Glory announced no major news over the next week, its trading volume rocketed from next to nothing to a peak of nearly 300, 000 on Jan. 17. Its price rose from under 50 cents to about $ 2. 75 per share over the same period.
The spam has continued, but volume has fallen off, to 6, 550 shares traded on Wednesday. Its closing price that day was $ 1. 85.
“We did not ask anybody to do that,” said Sarah Liu, a company spokesman. “We’d never do that.”
Cluley said there’s no way to tell whether a company is taking part in spamming about its own stock.
But, he added, there’s no direct incentive for a spammer to hook in with the company he’s pumping.
“I’m sure a lot of companies have been totally and utterly innocent regarding this,” he said.
Even if pump-and-dump spam is untraceable, it could diminish on its own.
In 2004, “phishing” exploded, with spammers sending e-mails imitating bank and credit-card companies to trick people into revealing sensitive financial information.
But as Web users became more savvy, phishing became less effective. Although it hasn’t gone away, Sophos and other spam trackers report that stock scams have overtaken phishing.
“Spammers don’t keep this stuff up for long if it doesn’t pay back,” McWilliams said. “They are profit-driven creatures.”