Breaking News: We're blocking a second massive wave of Inspiration Mining (ISM) stock spam that started hitting late this morning. It is in the form of text (no images) and has a link to Yahoo Finance. It reads "Check this out [link deleted] It is traded on the CanadianExchange but that's ok because it's about to go hit 15 cents before the end of the week. That's up from a current 6 cents."
How Pump and Dump Spam Works
Pump and Dump spammers try to make money by artificially inflating the price of a stock through email claiming it's about to climb (the "Pump"). If the scam works, enough people buy the stock to send the price up and then the scammers quickly sell off their shares (the "Dump"), netting a profit. Of course, the stock then plummets, leaving gullible investors with shares they can't easily sell.
About This Pump and Dump Spam
The spam started this morning, apparently designed to hit inboxes as people were their checking their email just before the U.S. and Toronto stock markets opened.
The email looks almost legitimate at first glance, with a realistic-looking header a footer that lists some awards, the recipient's email address (which we've blurred) and has unsubscribe, contact and other links. The idea is to get investors to act quickly, thinking they'll get ahead of the rush, before the price goes up. Here's a screen shot:
But a quick investigation exposes the sure signs of spam. For example:
- Grammar Mistakes: The main paragraph has numerous grammar and other mistakes in it, like missing apostrophes ("dont", "Ive"), missing capital letters ("apple", "google", "canadian"), and missing spaces ("6cents").
- Sounds Suspicious: The text reads as if it were written by someone whose native language is not English. No legitimate investment advisor would allow copy like this to go out, or send an email like this anyway.
- Bad Links: The links in the footer look good, but they don't go anywhere. Hovering over them reveals that.
- Dubious Claims: The sender claims that the price is about to nearly triple. No legitimate company would ever make such a claim.
Big Profits the Last Time
Inspiration Mining has been the subject of pump and dump spam before. The last campaign was in September, and appears to have worked, with a very brief 60% increase in share prices on both the U.S. OTC and Canadian (Toronto) exchanges. But prices quickly dropped to below their original value, and those duped by the scam probably lost a lot of money
One interesting pattern regarding this stock, which is cross-listed on two exchanges. This time the email refers to the stock's symbol on the Toronto Exchange (ISM). The last time it used the U.S. OTC symbol (IRMGF). That does not appear to make much difference. As you can see in the above chart, the prices on the two exchanges follow about the same pattern during these scams.
How We're Blocking This Penny Stock Spam
This email is designed to be tricky for IT admins and users to block without increasing the number of legitimate emails that are also blocked (known as false-positives). So they might be reluctant to block it. Since the wave was relatively short, by the time many user took action, it was probably over with and too late, and the spam had reached its target.
Because the stock is cross-listed in Toronto and the U.S., the gives the spammers more opportunities to vary their templates. They can swap different stock symbols in and out and still potentially make money, because the price on one exchange apparently influences the other.
We don't require users or IT admins to do any tuning and there is no learning period. We have professional threat analysts who analyze and block threats 24/7/365 for our customers, who have better things to do all day and night.
Also, in order to maintain high spam-blocking with almost no false-positives, we don't block based on individual "trigger" words that could also appear in legitimate email. Rather, we block based on the long phrases that we know are only going to appear in spam.
As soon as we saw this campaign, we blocked it based on several factors, include the sending server (IP address). We also detected several unique phrases and are blocking on them as well. So, we'll still be blocking it, no matter what outgoing server becomes infected by the bot that's responsible for this scam.
For More Info
SpamStopsHere works differently from other anti-spam programs. It blocks 99.5% of spam while delivering over 99.999% of legitimate emails. That means we block fewer that 1 out of 100,000 good emails, which is why businesses and professionals love our service.
Our spam review team, along with our proprietary Spamalyzer 3.0, analyzes and blocks email threats for our customers 24/7/365. That's a claim almost no other antispam provider can make.
"eFax", "Dropbox" and other marks are properties of their respective owners. This article is for informational purposes. No endorsement by third parties is implied and none should be inferred.