Computerworld: Pump-and-dump Scam Spam Switches on VideoPump-and-dump stock scammers have begun spiking their spam with high-quality video clips — the latest move in a long-running scheme that in the past has relied on image files, PDF documents and even robotic audio to dupe consumers, a security company said today.Symantec Corp. said on Monday that it had snared samples of pump-and-dump spam that linked to a high-definition video stream hyping a uranium exploration firm’s stock.“The online video streaming is about 30 seconds long, with very crisp and clear sound, and the video quality is very impressive,” noted Jitender Sarda, a Symantec analyst, on the security vendor’s blog. “The video looks like a legitimate TV or online media commercial used by the company for advertisement.” Some of the video clips even include phony “financial analysts” who talk up the stock with a just-as-bogus “host” of a no-name stock-tip program. The spam’s copy appears to tout the stock of Wave Uranium Holding, a Las Vegas-based company that says it has uranium claims in Arizona and other mining rights in Utah. Wave Uranium’s stock is traded on the Over The Counter Bulletin Board exchange, which deals with low-priced, low-volume shares.“I thought you would like to see this,” the spam trapped by Symantec begins. “Jump on the Wave… Be the first to ride this opportunity. Take a look at this 60 second video to start.” Other spam caught in Symantec’s honeypots took a different approach that used previously poisoned video search engines. “This e-mail directs the user to key words (tags) from the spam sample message,” said Sarda. “The tags are then inserted into popular video search engines and usually come up with many video records uploaded with the same or similar description of the penny stock that spammers wish to promote.”Among the tags touted in the spam were “hot stock,” “madcap” and “pinksheet.”Pump-and-dump scams have plagued consumers’ in-boxes all year, with messages that have included image files, synthesized speech, PDF documents and Microsoft Excel spreadsheets to evade antispam filters.The schemes can be extremely profitable. In September, for instance, federal authorities announced that a group of stock scammers had pleaded guilty to multiple fraud counts only after they had bilked investors of over US$20 million. By Gregg Keizer, Computerworld (US online) Related content news analysis LogoFAIL attack can inject malware in the firmware of many computers Researchers have shown how attackers can deliver malicious code into the UEFI of many PCs though BIOS splash screen graphics. By Lucian Constantin Dec 08, 2023 8 mins Malware Malware Cybercrime news Google expands minimum security guidelines for third-party vendors Google's updated Minimum Viable Secure Product (MVSP) program offers advice for working with researchers and warns against vendors charging extra for basic security features. By John P. Mello Jr. Dec 08, 2023 4 mins Application Security Supply Chain news New CISO appointments 2023 Keep up with news of CSO, CISO, and other senior security executive appointments. By CSO Staff Dec 08, 2023 28 mins CSO and CISO CSO and CISO CSO and CISO news Top cybersecurity product news of the week New product and service announcements from Coro, Descope, Genetec, Varonis, Cloudbrink, Databarracks, and Security Journey By CSO staff Dec 07, 2023 22 mins Generative AI Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe