ITBusiness.ca

Spammers use press trap to fool anti-spam engines

As anti-spam software has increased its effectiveness in guarding corporate e-mail accounts, spammers have resorted to new ways of disguising their messages to get past even the tightest filters, according to a Montreal-based security company.

Vircom, which recently published a report on a well-known spamming scheme called “pump and dump” or “hype and dump manipulation,” said spammers are now using a technique called a “press trap” to get people to read these e-mails.

The term pump and dump refers to an illegitimate e-mail that promotes a company’s stock to entice people to buy it only to have scammers rip them off by selling their shares into the market at inflated prices. This scam also has ramifications for the company, which could lose the trust of investors and the economic community at large.

Sylvain Durocher, founder and chief executive officer of Vircom, said spammers are no longer sending text messages with spelling mistakes, as they did in the early days of these types of attacks.

“Now they’re mixing press releases from the company’s Web site and embedding the actual spam into a graphical image,” said Durocher, who authored the report along with Marc Chouinard, SpamBuster’s team leader.

“All of the anti-spam engines that use text are pretty much fooled by that. That yields more people seeking the spam, which yields more people looking at the stock and buying it.”

To conduct its research, Vircom’s SpamBuster team examined thousands of e-mails that it receives in its “honey pots” each day from around the world. From there, Durocher said they were able to detect a change in the level of sophistication the spammers were using.

The teams then started tracking the stocks in the messages to see if there were impacts to them after the release of the spam attacks.

Spam expert Neil Schwartzman, chairman of the board at the Coalition Against Unsolicited Commercial E-mail, said pump and dump schemes work the same way as every other piece of spam in that they play on human frailties, which in this case is greed.

“You can only get x number of dollars for a bottle of useless pills,” said Schwartzman, referring to the typical spam that advertises weight loss pills or Viagra at discount prices. “The pump and dump scam, much in the same way as phishing, is a withdrawal of money from somebody’s account.”

Schwartzman served on the Federal Task Force on Spam, which submitted a report to former Industry Minister David Emerson in May 2006. He recently submitted a letter to the current minister, Maxime Bernier, criticizing him over the absence of laws to deal with spamming in Canada.

“The current industry minister has taken no steps to act on the task force,” said Schwartzman. “Unfortunately Bernier currently does not have a broad enough view of the problem to grasp the urgency of laws directly related to the act of spamming.”

Schwartzman has also contacted the Toronto Stock Exchange (TSX) and the TSX Venture, as well as the Competition Bureau.

Prior, manager of market supervision at Market Regulation Services Inc., which oversees trading on various markets, including the TSX, said the pump and dump scams aren’t really prevalent on the aforementioned markets but are similar to legitimate research on a given company’s stock.

“There’s a lot of legitimate research that’s distributed the same way,” said Prior. “There’s a fine line between someone who truly believes what they’re saying and an outright scam.”

Prior said the Ontario Securities Commission (OSC) over the last couple of years has had “Internet days,” where they work with other law enforcement agencies in Canada and the U.S. to look for pump and dump schemes on the Internet.

Prior said the problem of scammers sending illegitimate e-mails to people to gain access to their online brokerage accounts is far more prevalent in his line of work than pumping and dumping schemes are at the moment.

The Investment Dealers Association of Canada recently put out an alert on its Web site, notifying brokers of this ongoing attack.

Exit mobile version