Spotting stock spam

The whole stock spam situation is getting a little ridiculous. First we had
simple text in an image then, when we plugged OCR engines into our spam
filters, we had distorted text in an image, then when that damage was routed
around, we had distorted text on a psychadelic background. A little later on we
got rotated distorted text on a psychadelic background. Very recently, we got
the next step in the arms race, all of the above embedded in a PDF file.

Someone somewhere must be making money from these penny stock scams, enough to
make it worth their while to keep upping the bar. The PDF file idea is neat
but assumes the mail client of the recipient will display a PDF inline. Some
do, some don’t and we all obey the “Never open a binary you weren’t expecting”
safe hex guideline, right?

Wrong, of course.

Stock spams will carry on being sent for as long as enough people make the
price needle shake just sufficiently in the right directions so as a sharp
trader can wring a profit out of the deal. The stocks “advertised” in these
spams are invariably pink sheet. The fact they have to resort to probably
legally dubious, and certainly morally dubious, methods of bumping the price
should surely be a large neon pointer that something is amiss. Alas, on
average, people are stupid.

At the last Fotango hackday, I spent a
little bit of time working on a SpamAssassin plugin that picks out one of two
characteristics of these emails and scores them just a little bit. I have been
running the plugin on my front end mail servers and, yesterday, the plugin
flagged over 400 messages. Knowing my mail setup this means that this
represents somewhere between 5 to 10% of the actual number of messages that
were sent. I only filter mail for a few hundred domains so if we scale the
numbers up even a little bit, someone somewhere is really keen on
generating even the tiniest of interest in the symbols in question.

The low value of these stocks means that vast numbers of shares must be traded
to make the kind of money that would make such low-handed tactic worthwhile.
To my knowledge, stock trades are all recorded. Surely it can’t be that hard to
match the symbol in question up to a heavy purchase followed by a heavy sell?
This would surely make it possible to identify the individuals and, I’m sure,
companies who see saturating your mail server and polluting your inbox as an
easy route to a quick profit.

Leave a Reply

Your email address will not be published. Required fields are marked *