Spammers spreading new Wolf of Wall Street scam

Millions of penny stock spam emails have been flooding inboxes, spreading a new “Wolf of Wall Street’ scam and inflating the stock values of a mineral deposit company, according to Bitdefender’s Antispam Lab.

The wave started to grow last Thursday and has quickly become the largest and most successful stock spam attack of 2014, with over 3 million unique samples to date. The transactions volume reached over 1,620,000 stocks in just a couple of days after the spam wave hit, the highest registered by the company in the last half year, according to Bloomberg.

There are thousands of UK-based IPs sending the stock spam, with the spam wave also coming from botnets with zombie computers distributed in countries including Germany, Romania, Spain, the US, India, Australia and South Korea. To boost their credibility, penny stock spammers use legitimate links to websites of reputable media outlets such as Reuters, Bloomberg, Yahoo Finance, Market Watch, and exchange leader Nasdaq.

“These are today’s most vicious wolves of Wall Street. They no longer call potential investors to inflate stock values, but use a faster approach – email spam replicated in millions of samples,” states Adrian Miron, Senior Antispam Researcher at Bitdefender. “As usual, success comes from high numbers, and our studies showed no targeted spam attack works better than a massive wave, naturally selecting the most gullible victims.”

Email subjects vary and are so general that curious victims are likely to open them. Subjects include: “Read up on this immediately,” “Christmas is here early my friend,” “Do you still want this,” and “Are you ready for this.” Once opened, the spam message reads, “Want a solid investment that will yield very quick results? We all do, and for once there’s a stock tip that’s actually worth it. This stock is going to explode today mark my words. It will be at 30cents+ before day’s end and past 65cents by month’s end. You should move quickly.”

Spam pitching inflated stocks usually focuses on a single company at a time, with a new campaign surging once every 2 to 3 months. Once the “Wolves of Wall Street’ reach a high amount of inboxes, they move to the next target. Rich Pharmaceuticals Inc. (RCHA), Rainbow International Corp. (RNBI) and Inspiration Mining Corporation (IRMGF) are among this year’s targets to date.

In addition to Bitdefender’s findings, both the Securities and Exchange Commission and the Financial Industry Regulatory Authority have also warned that stock spam messages are proliferating this year, representing the “inbox equivalent of a boiler room sales operation.”

“To monetise their efforts, fraudsters lure investors by telling them a penny stock will soon become very valuable. Known as the pump and dump scam, many are now familiar with this trick thanks to its depiction in last year’s hit movie, The Wolf of Wall Street,” states Catalin Cosoi, Chief Security Strategist at Bitdefender. “After thousands of victims buy stocks, cyber-crooks dump their overvalued shares back onto the market, grabbing high profits in the process.”

The Confederation Minerals Ltd. (CNRMF) is the latest target, a company dedicated to acquiring and developing mineral deposits in North America. Bitdefender warned the organisation that scammers are inflating its stock value through a massive spam wave, but has as yet not received a response.

Bitdefender also contacted the U.S. Securities and Exchange Commission, who said they are processing many complaints from individual investors and others. SEC Investor Assistance Specialist Doreen Mosaphir stated, “We appreciate you taking the time to alert us to your concerns; however, we are unable to comment on the matter. The SEC conducts its investigations on a confidential and nonpublic basis and neither confirms nor denies the existence of an investigation unless the SEC brings charges against someone involved.”


Subscribe to the Help Net Security breaking news e-mail alerts:

More about

Don't miss