In the last few weeks we have observed a drastic increase in “penny stock” spam emails. In 2011 Symantec published a blog entitled Global Debt Crises News Drives Pump-and-Dump Stock Scams, which also dealt with this type of spam.
Penny stocks, also known as cent stocks, are shares in small companies that trade at low prices, often as low as a few cents per share. Penny stocks are a very popular topic used by spammers. The spam emails advertise the cheap shares and state that the company is on the verge of becoming very successful and that the value of the shares will rise significantly. The emails make out that the company is more valuable than it actually is and implies that they have just created some major product or are on the verge of a breakthrough and that the share value is tipped to rise dramatically. The aim is to increase sales of the stock, which in turn raises the value, then the fraudster can sell their penny stocks for significantly more than they paid for them. This stock fraud method is known as “pump and dump.”
We are seeing various spam methods being used in stock spam such as broken words, obfuscation with irrelevant line spaces, and insertion of randomized characters in the header or body of the emails etc.
Figure 1. Penny stock spam emails
Symantec is observing an increase in spam volume related to stock spam, which can be seen in the below graph.
Figure 2: Volume trend of stock spam email
Below are the most frequently observed subject lines in these attacks:
- Subject: Stock Picking Contest, Sign Up Today
- Subject: "Before The Close" From Standout Stocks!
- Subject: A Royal Treat To Start The Week
- Subject: Expect More from this Bull
- Subject: Explosive Pick Coming
- Subject: It Is Our Hot New Trade Alert!
- Subject: Its trading levels could be Set to Explode!
- Subject: Let`s Do It Again! Tonight We Have Another Breaking Bull!
- Subject: This Company Shows Gains
- Subject: This Company shows Strength
- Subject: What a Fantastic Week! Our Members had the Opportunity to Make Some Serious Gains!
Symantec advises users to be cautious when handling unsolicited or unexpected emails and to update antispam signatures regularly. Symantec is closely monitoring these “pump and dump” spam attacks and will continue monitoring this trend to keep our readers updated.