Scam of the Month - Pump and Dump

from the October 2006 Actrix Newsletter
by Rob Zorn

This month we'll have a quick look at what's called the "Pump and dump scam". I get a number of these in my inbox each month. Most are poorly written, rife with spelling errors, and look like they've been designed by pre-schoolers. Nevertheless, people all around the world fall victim to them.

The "Pump and dump scam" works by encouraging armchair investors to put a heap of their cash into a particular firm's stock. The scammers put out millions of spam e-mails containing bogus insider information abut how stock values for this particular firm are about to surge.

The scammers have bought stock in the firm at low prices, and their goal is to quickly inflate interest in order to ramp up share prices so they can sell at a profit before the inevitable crash and burn. Meanwhile those duped are left holding possibly worthless shares.

Most of these scams are thought to take place without the knowledge of firms that are the subject of the scams, and Sophos reports that pump-and-dump stock campaigns currently account for approximately 15 percent of all spam, up from 0.8 percent in January 2005.

It's obviously big business, and worth the work the scammers put into it. If only these people used their ingenuity and powers in the interests of niceness...

Anyway, you can see a typical "Pump and dump scam" e-mail here. You'll notice a couple of things. Firstly, all the information about the company in question - LINTL or LITL, depending on which is the spelling error - is actually an image. It's a picture of text, rather than text itself. This makes it much harder for a spam filter to detect what the message is really about because it can't use key words to assign a "spam score" to the e-mail.

However, spam filters are wise to the fact that a lot of spam comes as images, and they will be suspicious of any e-mail that is just a large image. Therefore the scammers have added a heap of random actual text to the bottom of the e-mail. This random text will have nothing to do with anything spam-related, so it won't alert the spam filters. Spam filters are looking for frequent use of words like erection, Cialis and lottery. In our example, there's a lot of random text about Google. The filters see text and an image (and they don't actually read an e-mail so they can't tell whether or not its sensible) and let it through.

Have a look at your Spam folder by logging into My Actrix ( and you'll probably find a few of these that have been caught because the random text itself or the characteristics of the image have been identified. You can be sure, however, that the spam-scammers are rotating the random text and changing the nature of the image frequently, too, in a further effort to stay ahead of spam filters. Therefore there are always going to be some that get through.