• United States



by Dave Gradijan

Computerworld: Pump-and-dump Scam Spam Switches on Video

Dec 27, 20072 mins
CSO and CISOData and Information Security

Computerworld: Pump-and-dump Scam Spam Switches on Video

Pump-and-dump stock scammers have begun spiking their spam with high-quality video clips — the latest move in a long-running scheme that in the past has relied on image files, PDF documents and even robotic audio to dupe consumers, a security company said today.

Symantec Corp. said on Monday that it had snared samples of pump-and-dump spam that linked to a high-definition video stream hyping a uranium exploration firm’s stock.

“The online video streaming is about 30 seconds long, with very crisp and clear sound, and the video quality is very impressive,” noted Jitender Sarda, a Symantec analyst, on the security vendor’s blog. “The video looks like a legitimate TV or online media commercial used by the company for advertisement.” Some of the video clips even include phony “financial analysts” who talk up the stock with a just-as-bogus “host” of a no-name stock-tip program.

The spam’s copy appears to tout the stock of Wave Uranium Holding, a Las Vegas-based company that says it has uranium claims in Arizona and other mining rights in Utah. Wave Uranium’s stock is traded on the Over The Counter Bulletin Board exchange, which deals with low-priced, low-volume shares.

“I thought you would like to see this,” the spam trapped by Symantec begins. “Jump on the Wave… Be the first to ride this opportunity. Take a look at this 60 second video to start.”

Other spam caught in Symantec’s honeypots took a different approach that used previously poisoned video search engines. “This e-mail directs the user to key words (tags) from the spam sample message,” said Sarda. “The tags are then inserted into popular video search engines and usually come up with many video records uploaded with the same or similar description of the penny stock that spammers wish to promote.”

Among the tags touted in the spam were “hot stock,” “madcap” and “pinksheet.”

Pump-and-dump scams have plagued consumers’ in-boxes all year, with messages that have included image files, synthesized speech, PDF documents and Microsoft Excel spreadsheets to evade antispam filters.

The schemes can be extremely profitable. In September, for instance, federal authorities announced that a group of stock scammers had pleaded guilty to multiple fraud counts only after they had bilked investors of over US$20 million.

By Gregg Keizer, Computerworld (US online)