Pump-and-dump stock spam works, a pair of German researchers said Thursday as they presented findings at a security conference taking place in Vancouver, Canada.
According to a report posted on the Symantec-owned SecurityFocus Web site, the researchers snared 22,000 stock-related spams between November 2004 and February 2006, then traced prices for 93 of the nearly 400 stocks mentioned in the junk e-mails.
On average, said Thorsten Holz and Rainer Bhme, academics from the University of Mannheim and Dresden Technical University, respectively, stock prices climbed 1.7 percent the day the spam went out.
And the more spam sent out about a specific stock, the higher the increase in its price.
Pump-and-dump is a tactic used by unscrupulous investors to hype a stock in the hope that the price will go up; if it does, the spam senders quickly unload their holdings for a profit.
Also on Thursday, the Securities and Exchange Commission (SEC) announced that it had filed a lawsuit against two New York men for their part in a pump-and-dump scheme that netted over $873,000.
The two, Faisal Zafar and Sameer Thawani, primarily used Internet message boards to falsely puff up stocks, often by playing on terrorism and pandemic fears. In one instance, Zafar posted messages after the London subway bombings in 2005, and claimed that the touted company was receiving a contract from the Department of Homeland Security to improve security on New York City subways. In another, he said that a stock issuer was acquiring a company which produced avian flu vaccine.
A federal court has frozen the men's assets.
"The defendants preyed on innocent investors by using the relative anonymity of the Internet to manipulate the market," said David Rosenfeld, an SEC associate regional director, in a statement. "We have acted today to stop a brazen fraud and hold the perpetrators responsible."
Zafar and Thawani registered scores of online identities to make it appear as if numerous people were recommending the stocks. They sometimes posed as moderators of message boards dedicated to low-priced stocks, but they also used spam to spread the word.
The spam, said the SEC, alerted investors of imminent "news" about a hyped stock, and urged recipients to buy before the bogus news went public.
Pump-and-dump spam has soared, security companies have said. According to U.K.-based security company Sophos, stock-related spam went from less than 1 percent of all spam at the beginning of 2005 to over 13 percent by the end of that year.
In Holz's and Bhme's 2004-06 research, pump-and-dump spam accounted for about 3 percent of all the junk mail collected by their honeypot systems.