Pump and dump stock scams continue to be a problem for online investors and brokerages as Internet fraudsters use more strong-armed and sophisticated tactics.
Last year, pump and dump spam campaigns that hyped penny or thinly traded stocks were pervasive. According to antivirus supplier Sophos Inc., such junk mail accounted for more than 30% of overall spam. In the scheme, scammers dump their shares and reap profits when stock price rises, while investors lose money when the sell off drives down the stock price.
Instead of trying to convince someone to buy a certain stock through spam, attackers now are more apt to take over online accounts in order to buy penny stock in large quantities, said Perry Tancredi, VeriSign Inc. senior product manager for fraud detection services. They're using a variety of tactics to hijack accounts, including phishing emails that trick users into downloading malware such as keyloggers, he said.
Pump and dump schemes can get scammers millions of dollars, and brokerages have to cover the losses from the hijacked accounts, Tancredi said. "It has become a real problem for brokerages," he said.
A stock scam resulted in about $22 million in combined losses for online brokerages ETrade Financial Corp. and TD Ameritrade Holding Corp. two years ago. In January 2007, the Securities and Exchange Commission (SEC) charged a Florida man with breaking into accounts at those brokerages and others in a pump and dump scheme that netted him more than $82,000. The complaint followed a separate case in which the SEC froze the assets of Grand Logistic S.A. and its owner, who was accused of defrauding investors of more than $350,000 in a similar scheme.
A recent disclosure involving LPL Financial Corp. illustrates the increasing sophistication of such schemes, said Paul Henninger, director of fraud solutions at Actimize Inc., a maker of antifraud and compliance software for financial institutions. In that case, hackers compromised the logon passwords of 14 financial advisors and four assistants in branch offices. They used the passwords to gain access to more than 10,000 customer accounts in order to pump and dump penny stocks, according to a May 6 letter from LPL to New Hampshire Attorney General Kelly Ayotte.
The attempted fraudulent transactions were intercepted and either ejected or reversed, but the personal data of customers, including Social Security numbers, was potentially exposed, said LPL, which discovered the first incident last July.
"What these guys were doing was targeting the agents, the independent broker dealers," Henninger said. "That was a major change."
In working with brokerage clients over the past couple years, his company has seen fraudsters use targeted spear phishing attacks to compromise specific types of customers and carry out pump and dump schemes. The scammers have become more adept at executing attacks in more subtle ways in an effort to evade detection, and they're attacking with higher frequency and volumes, Henninger said.
In many cases, fraudsters have scripted and automated pump and dump schemes so they can simultaneously use multiple accounts at multiple brokerages, said Craig Priess, vice president of marketing at Guardian Analytics Inc., a supplier of online fraud prevention technology.
"They may have at their disposal 20 compromised accounts to really drive up the price of the penny stock," he said. "It behooves them to be very coordinated in executing these trades, so they'll often use automation."
The stock fraudsters have honed their techniques and can execute scams in less than an hour, VeriSign's Tancredi said.
The schemes are a very big problem and easy for criminals to get away with, said Avivah Litan, vice president and distinguished analyst at Gartner Inc. Many brokerages are "trying to tackle it at the front door," by not letting attackers take over accounts or open up new ones, she said.
VeriSign recently released an add-on to its fraud detection service to combat pump and dump stock manipulation schemes. The VeriSign Identity Protection Fraud Detection Service Stock Trading Module uses rules and anomaly detection technology to detect transaction fraud in real time.
Litan said VeriSign's module sounds promising but added that detecting pump and dump scams is tricky. "You have to have a lightweight architecture and lots of great analytics," she said. "You have to be able to look quickly across lots of accounts. … It's not an easy thing, so your system needs to be agile."
She cited Austrian software company Senactive as adept at catching pump and dump fraud.