Stock Scam Highlights Growing Spam Threat
August 20, 2007
A company in Florida that operates convenience stores and wireless technology retail outlets was hit this month by a massive “pump-and-dump” scam, in which fraudsters used spam e-mail messages to drive up its stock price so they could then sell shares at a profit.
Scams such as the one directed at people who own stock in Fort Lauderdale, Fla.-based Prime Time Group Inc. now account for a significant percentage of all junk e-mail, according to security software vendor Sophos PLC.
“In 2005, less than 1% of spam was pump-and-dump,” said Ron O’Brien, a senior security analyst at Sophos. “Last year, it was 25%. It’s now fast approaching the numbers for prescription medicines and ‘performance- enhancing’ drugs.”
O’Brien also claimed that there was a direct connection between the Prime Time spamming and widespread, ongoing virus attacks that began in early July, using malware-bearing messages purporting to be electronic greeting cards.
“The machines infected by those attacks are the same ones that were used to relay the [pump-and-dump] spam,” O’Brien said. “[The attackers] set up the infrastructure for the spam more than a month before they started sending it.”
The Prime Time mail surge broke single-day message-filtering records at several antispam vendors. Sophos first noticed it on Aug. 8. By the next morning, the company’s spam traps had stopped more than half a billion messages, O’Brien said.
The bulk mailings appear to have contributed to a substantial increase in the trading of Prime Time stock and a 57% jump in its price. On the morning of Aug. 9, though, the bottom fell out. The stock price dropped to its previous level, and it went even lower last week.
Prime Time initially said it was ordering a comprehensive list of shareholders to try to identify possible short-sellers. On Aug. 10, the company issued another statement verifying that “several” spam messages had been sent to investors.
Other companies targeted in pump-and-dump scams have beefed up their online security and fraud-detection technologies. For example, TD Ameritrade Holding Corp. installed new antifraud tools and reconfigured its existing ones after some of its online brokerage customers were victimized by a pump-and-dump scam last year.