Spammers have been busy thus far in 2014. One group in particular has been especially active over the past 10 days. We have been following a massive spam campaign that is running the classic “Pump and Dump” stock scam with unusual relentlessness. If you are unfamiliar with the scam, it goes like this: the scammers buy shares in a penny stock (usually one costing less than $1 per share). Once they have taken their position (in this case snapping up shares of Rich Pharmaceuticals, Inc), they send massive amounts of spam to users around the globe to generate interest in the stock. Believe it or not, there are plenty of people willing to make stock purchases based on a “tip” they received from a source as suspect as an unsolicited email. Once these real-world investors have bought shares and “pumped up” the stock price, the scammers “dump” their shares and reap the profit. This might sound very familiar to some of you, since it is nearly indistinguishable from the plot of the recent film “The Wolf of Wall Street”. The only real difference is that the scammers in the film used cold calling instead of spam emails.
Early this morning, in a very ironic fashion, the spammers started using the name Oakmont Stratton in the [from:] field of their emails. We quickly noticed the striking resemblance to Stratton Oakmont, the firm that appears in the recent Scorsese film. We couldn’t help but wonder whether the scammers found some inspiration in the film and decided to use the name. Of course, cybercriminals are never short on tactics to pique people’s interest. They have been changing the sender address, along with other message details, several times a day. Another version of these messages that we have been seeing today appears to come from “JtMorgan”, which is almost as reputable as JP Morgan.
Here is a look at one of the messages:
This campaign is unusual as far as “Pump and Dump” spam campaigns go. The spammers have been pushing the same stock for longer than we see on average. They have also built a remarkable number of variables into the algorithm that generates these messages, enough to continue sending unique versions of this message for days on end. Last, the amount of bandwidth behind this campaign is also quite notable. We have consistently quarantined over 1 million messages per hour from this one campaign. At times this spam has accounted for as much as 15 percent of total spam traffic.
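The sender names described above imitate known firms by swapping word order (“Oakmont Stratton”) or changing a single character (“JtMorgan”). As an added example, not code from the original post, this Python check flags From display names that imitate a watched name; the watchlist, function names and sample addresses are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumed watchlist of names worth protecting; a real deployment supplies its own.
WATCHLIST = ["Stratton Oakmont", "JP Morgan"]

# Constructed From headers: display names are from the post, addresses are made up.
SAMPLE_FROM_HEADERS = [
    "Oakmont Stratton <news@example.com>",
    "JtMorgan <tips@example.net>",
    "Alice Example <alice@example.org>",
]

def normalize(name):
    """Lowercase a display name and split it into alphanumeric tokens."""
    return re.findall(r"[a-z0-9]+", name.lower())

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(from_header, watchlist=WATCHLIST, max_edits=1):
    """Return (watched name, reason) if the display name matches or imitates it, else None."""
    display, _addr = parseaddr(from_header)
    tokens = normalize(display)
    if not tokens:
        return None  # bare address with no display name
    for brand in watchlist:
        ref = normalize(brand)
        if tokens == ref:
            return (brand, "exact")  # caller should verify the sending domain
        if sorted(tokens) == sorted(ref):
            return (brand, "reordered")  # same words, different order
        if edit_distance("".join(tokens), "".join(ref)) <= max_edits:
            return (brand, "near-match")  # one-character variation
    return None

def scan(headers):
    """Map each From header to its lookalike verdict."""
    return {h: lookalike(h) for h in headers}

if __name__ == "__main__":
    for header, verdict in scan(SAMPLE_FROM_HEADERS).items():
        print(header, "->", verdict)
```

Because the campaign changes sender details several times a day, a display-name check like this is one signal to combine with content and volume signals rather than a filter on its own.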