On average, stock prices climbed almost 2% the day the spam went out, according to two university researchers. And the more spam sent out about a specific stock, the higher the increase in its price.
Pump-and-dump stock spam works, a pair of German researchers said Thursday as they presented findings at a security conference taking place in Vancouver, Canada.
According to a report posted on the Symantec-owned SecurityFocus Web site, the researchers snared 22,000 stock-related spams between November 2004 and February 2006, then traced prices for 93 of the nearly 400 stocks mentioned in the junk e-mails.
On average, said Thorsten Holz and Rainer Bhme, academics from the University of Mannheim and Dresden Technical University, respectively, stock prices climbed 1.7 percent the day the spam went out.
And the more spam sent out about a specific stock, the higher the increase in its price.
Pump-and-dump is a tactic used by unscrupulous investors to hype a stock in the hope that the price will go up; if it does, the spam senders quickly unload their holdings for a profit.
The two, Faisal Zafar and Sameer Thawani, primarily used Internet message boards to falsely puff up stocks, often by playing on terrorism and pandemic fears. In one instance, Zafar posted messages after the London subway bombings in 2005, and claimed that the touted company was receiving a contract from the Department of Homeland Security to improve security on New York City subways. In another, he said that a stock issuer was acquiring a company which produced avian flu vaccine.
A federal court has frozen the men's assets.
"The defendants preyed on innocent investors by using the relative anonymity of the Internet to manipulate the market," said David Rosenfeld, an SEC associate regional director, in a statement. "We have acted today to stop a brazen fraud and hold the perpetrators responsible."
Zafar and Thawani registered scores of online identities to make it appear as if numerous people were recommending the stocks. They sometimes posed as moderators of message boards dedicated to low-priced stocks, but they also used spam to spread the word.
The spam, said the SEC, alerted investors of imminent "news" about a hyped stock, and urged recipients to buy before the bogus news went public.
Pump-and-dump spam has soared, security companies have said. According to U.K.-based security company Sophos, stock-related spam went from less than 1 percent of all spam at the beginning of 2005 to over 13 percent by the end of that year.
In Holz's and Bhme's 2004-06 research, pump-and-dump spam accounted for about 3 percent of all the junk mail collected by their honeypot systems.
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.