Video Screencast Help
Identity and Authentication Services

The Magical Defense against the "Pump and Pump" Scam

Created: 11 Aug 2008 • Updated: 08 Aug 2012
vipblog's picture
0 0 Votes
Login to vote

By Yohai Einav, VeriSign Senior Fraud Analyst

What happened to good ol' fraud?

There's a new trend in online fraud today - it is getting more brutal.

A few years ago, when a fraudster wanted to get your online banking credentials, he would send you a phishing email, asking you kindly to send him your bank's login and password; today, he would simply infect your PC with malware, then take your details by force.

Fraudsters not believing in the goodness of mankind and taking things by force?! Yes - we live in crazy times.

The brutal trend doesn't end with phishing. The same evolution happens today in the online brokerage world with the "Pump and Dump" scam.

Pump and Dump 1.0

The classic Pump and Dump scam is one of the oldest tricks in the book. Its guiding principle is simple: if you can buy a worthless stock for a very low price (typically micro-cap companies), then sell it quickly for a much higher price, you can become rich (you probably haven't heard this principle before).

So, how do you turn something worthless into something valuable in a short period of time?

The answer, until recently, was - "persuade enough dupes to buy the stock, and make the market price to go up". How do you persuade enough people? Well, 200 years ago (when the Internet was still a secret known to few) you would spread false rumors about "a swell stock" in tea parties, or in a horse cart on the way to work. Today you would simply send a professional-looking spam email to millions, giving an expert recommendation on the stock.

Pump and Dump 2.0

But that classic, mainstream scam has changed. The "Brutal Pump and Dump" of the day is not about persuading people; it is about taking command over their trading accounts.

How does a brutal Pump and Dump work?

First, the fraudster buys shares of a penny stock through his personal account. At this point the share price is very low. The fraudster then logs into multiple compromised trading accounts in one or more brokerage firms. Once there, he liquidates the stock portfolio in these accounts and uses the free money to purchase shares of "his" penny stock. The rest of the process is quite obvious: the share price of the penny stock goes up (usually by 10's or 100's of percent), and it's time for the fraudster to capitalize on his investment.

Return on investment of 100%-200% for one hour of work? Not a bad deal.

One person's gain
We all know the old saying - "one person's gain is another person's loss"; but what can we do when it's "many persons' loss to one person's gain"? Can we stop this loss from happening? Is there a magical defense against these dark arts?

Well, defense exists, although it is not fully magical. It mainly consists of special rules, configurations, comparators and behavioral engines. And it can block most of the brutal Pump and Dump. Get further details about VeriSign's solution. If you still feel you need a magical addition to your Pump and Dump defense, kindly contact JK Rowling.