Hoping to tackle the growing problem of pump-and-dump stock scams Microsoft has quietly filed lawsuits against at least three alleged perpetrators who it says used its MSN Hotmail networks to promote stocks.
Hotmail has “received large volumes of unsolicited commercial e-mail messages” promoting stocks for companies such as Distributed Power, TGC Ventures, China Biolife Enterprises, and Irwin Resources, according to court documents filed during April and May in King County Superior Court in Seattle.
Microsoft charges the defendants with violating the federal CAN-SPAM act as well as Washington state consumer protection laws, and is seeking unspecified damages, according to the filings.
Pump-and-dump e-mail scams are a form of fraud where the criminals purchase stock in a company — typically an inexpensive penny stock — and then promote the equity in millions of unsolicited email messages.
The technique is one of the more lucrative spamming practices, and has been “the fastest growing area in spam” over the past few months, said Craig Schmugar, a threat research manager with McAfee’s Avert Labs.
Pump-and-dump spam has not only taken up resources and threatened the smooth functioning of Hotmail, but it “continues to result in significant costs to Microsoft,” the court filings state. Microsoft executives were not immediately available to comment for this story.
Because Microsoft does not know the name of the spammers behind the unsolicited e-mails, it has filed the lawsuits as “John Doe” cases, giving it the power to subpoena information in the case and ultimately name the parties responsible when they are uncovered.
It’s the latest move in the cat and mouse game between pump-and-dump spammers and the technology companies trying to stop them.
Pump-and-dump scams are gaining more attention from criminals and companies like Microsoft for one simple reason: they work. Researchers at Purdue and Oxford Universities recently
] the dynamics of pump-and-dump and found that spammers could realize 5 percent returns in a single day.
Because these scams are so lucrative, they’ve attracted some of the most technically competent spammers to develop new techniques, said Adam O’Donnell, a senior research scientist at Cloudmark. “The pump and dump schemes are basically driving spam research and development,” he said.
Primarily, this research has centered around the creation of templates that can be used by infected PCs to create spam messages and on a form of e-mail known as image spam, O’Donnell said. These image spam messages look just like any other e-mail, but are in fact .jpg or .gif images.
Image spam is also particularly well-suited to pump-and-dump because the fraudsters don’t need victims to click on a link for scam to work.
Over the past year, image spammers have developed a variety of techniques to confuse spam filters, said McAfee’s Schmugar. They’ve added colorful backgrounds, wavy text, and filled their messages with nonsense text to try to evade optical character recognition technologies, he said.
For example, a recent spam message promoting China Biolife Enterprises, one of the stocks named in Microsoft’s suit, contained the following message: “Symbol CBFE Price $1.55 (UP 11.51%) Target $4 Market: Bullish. Strangler minott goodnight bennett rebel rousers.”
With the jump in pump-and-dump e-mail, O’Donnell said it’s no surprise that Microsoft has brought the lawsuits. “Hotmail is heavily used and is viewed by the Web community as one of the most challenging spam environments right now,” he said.