Stock Scammers Phish, Pump, and Dump
Friday March 16, 2007 at 10:19 am CST
Posted by Kevin McGhee
The SEC have continued their hard line actions against stock spammers discussed in my recent blog and are now targeting phishers.
The US Justice Department have issued a press release about three Indian men who have been indicted on charges of conspiracy, fraud and aggravated identity theft stemming from a high-tech, international fraud scheme designed to hijack online brokerage accounts for profit. In one example a scammer purchased 32,000 shares of stock in a company at prices from $2 to $3.20 per share with his own online brokerage account. The same day the scammers logged into an unsuspecting investor’s account and illegally acquired 26,000 shares of the same stock at prices from $2.84 to $3.40 per share, causing the stock’s trading volume to rise to more than nine times its 15-day average. Then in 22 transactions within a few hours they sold 30,700 shares yielding a substantial profit.
These guys have been buying stocks at a cheap price with their own personal online brokerage accounts, then logging into other people’s accounts with login details they have previously phished and buying huge amounts of the stock in order to inflate the price. When they are happy with the stocks inflated price the scammer sells or “dumps” the shares they have legitimately purchased.
This is a further insight into the negative effects of the phishing campaigns we prevent on a daily basis. It is not unusual for us to see phish emails for online brokerage accounts like the image below taken from a recent one.
To the unsuspecting recipient this might look like a legitimate email from Etrade, but clicking on the image in the email brings you to a fake etrade login page at a .jp domain. Even the link could be confused for a legitimate etrade.com link because of the way the phisher has crafted it:
http://global.etrade.com.memberdir.id645850717.phishdomainhere.jp/member.do
Clicking on this link would bring you to phishdomainhere.jp rather than etrade.com.
This is yet another reminder of the dangers of phishing and how these scammers can use a simple username and password for an online account to make a lot of money at your expense.