ITsecurity
twitter facebook rss

All Hands to the Pump (and Dump)

Posted by on April 19, 2017.

A few years ago, even before I started working directly with vendors in the security industry, ‘Pump and Dump’ scams were a major nuisance. Here’s a description from a paper Andrew Lee and I wrote after I started working with ESET.

Pump and Dump (or Hype and Dump) mails are designed to inflate the value of stock temporarily by hyping it to potential small investors. Typically, the scammer will buy a large amount of next-to-worthless stock, and then hype the company through spam, hoping other investors will buy it, thus inflating the price. As these duped investors buy stock, its value rises till the scammers sell off their shares at the now inflated price. They then stop hyping the stock and it falls in value, and typically the new investors sustain a financial loss. These mails are still often seen as a minor nuisance, but are rising in volume and widening in geographical scope, and there is evidence that organized crime is making a great deal of money this way.

At that point, this type of scam was still common and had become fairly sophisticated, at least in terms of avoiding detection by anti-spam products. But its impact fairly swiftly declined. I don’t know how prevalent it actually has been in recent years, but it had pretty much slipped off my radar: I wasn’t seeing it in my spam traps, and I wasn’t seeing it reported elsewhere. Not, at any rate, until Paul Ducklin reported a heavy upsurge in Pump and Dump, suggesting that:

‘…the “resting” Necurs zombies still out there and undetected have been called back into service.’

For Virus Bulletin, Martijn Grooten followed up with some references to other sources. And, sure enough, I found similar mails in my own spam traps at around the same time, from scammers claiming that shares in penny stock company InCapta (INCT) were about to soar in value due to a takeover. One message claimed that:

INCT specializes in the manufacturing of high-end specialized drones with real-world applications such as automated dispatching for news coverage by companies like CNN all the way to miniature drones which can be used to gather intelligence for the military, private investigators and police.

This doesn’t seem to be the case: InCapta appears to be a media company with no foothold in the world of drone technology. However, Pump and Dump scans tend to exploit thinly traded companies, about which there is often very little easily-obtained information. Another message claims that the company has:

‘… proprietary algorithms which essentially bring drones to life. These algorithms give the drones the capability to act independent of a physical operator.’

Just what the world needs: skies full of uncontrolled drones…

Subsequently, I’ve become aware of a barrage of similar messages relating to Quest Management (QSMG), a company that apparently distributes fitness equipment. However, the messages I’ve been seeing claim that it is about to make an announcement about a somewhat miraculous cure for cancer. Some of these claims remind me of those posts on social media that tell you how the pharmaceutical industry is suppressing the information that huge volumes of unrelated forms of cancer can be cured by taking a substance that generates cyanide or by eating green vegetables. For instance, one message claims that:

While this isn’t a one hundred percent method, it works good enough to save over 50 million lives a year.

You’d think that would be hard to keep secret, wouldn’t you?

Some of these messages certainly had an unhealthy effect on my blood pressure, perhaps because I spent quite a few years working in medical research environments, and many of these claims just don’t stack up. And according to a comprehensive article by Dynamoo, the stock has already crashed and burned. In fact, the spam hasn’t stopped at time of writing, so the scammers may well be hoping to get another shot at a substantial payday. But by the time you read this, this particular crop of scammers may have turned its attentions to a completely different market sector, so rather than detailing those medical improbabilities, let’s look at some of the less topic-specific characteristics of this type of scam, at least in its present form. (In fact, some of these will also apply to quite different scam types.)

  1. A barrage of emails, all apparently from different people, advising you to invest in the same company. Automated spam campaigns spread through botnets generally go for volume, not fine-grained targeting, so it’s likely that you’ll get mail from quite a few (faked) email addresses. They’re often faked because the scammer doesn’t need you to interact with him directly: all he wants you to do is buy stock, which will push up its value. Fortunately, the fake addresses currently used are quite likely to trip anti-spam filters, so you may not see them at all. But if you do, it’s reasonable to be suspicious of several people you’ve never heard of, all offering you investment tips and information that’s supposed to be confidential. For example:
    ‘I know of a cutting edge company that has just completed the development of a new life saving medicine. A friend who works at a high position, at a secretive place told me about it.’
    If you’re told that the information is ‘for your eyes only’, it’s worth wondering what you’ve done to deserve this special treatment from a complete stranger. In a more fine-grained attack, you might actually receive mail with the spoofed address of someone you do know, but that’s not what I’m seeing right now.
  2. Almost invariably, this ‘information’ comes from ‘a friend of a friend’, like the case above. Here’s another.
    ‘I have a good friend who works at the fda, and from time to time he tells me about things before they happen.’
    This ‘anonymous friend’ is a common characteristic of hoaxes too.
  3. One common approach seems to be to tell you that you’re on a mailing list. If you’re pretty sure you’ve never signed up for investment advice, why would you trust unsolicited advice? Especially if you know that this type of stock fraud is basically about inflating the value of stock for the benefit of someone who currently holds it, not about helping you to make money.
  4. As with other scams (bank phishes, for example), there’s a clear intention of rushing you into a rash action. You’ll be told that you need to act quickly, before an official announcement is made. Again, if you’re told to act quickly to get ‘ahead of the herd’, you might want to ask yourself how you came to be regarded out of the blue as a herd leader.

Of course, the actual companies targeted for stock fraud are not necessarily complicit in the fraud: it’s (some of) the people trading the stock that are making the profits. And it’s not always the case that penny stock manipulation is actually illegal. But if you’re going to dabble in it, you really need to know a lot more about it.

Here are a few resources for further information about pump and dump, but I’m not going to tell you that these will tell you everything you need to know about making investments:

David Harley


Share This:
Facebooktwittergoogle_plusredditpinterestlinkedinmail

Leave a Reply

Your email address will not be published. Required fields are marked *

Submitted in: David Harley | Tags: , , , ,