German Stock Spam

Filed Under: SophosLabs, Spam

Whether it be in text or image format, stock spam in English is nothing new. However, over the past few months SophosLabs has noticed a surge in German stock spam which initially started purely as text based spam, and is now coming in both text and image formats.

German Text Stock

It seems spammers are taking the methods they've been using for a while now in the US stock markets (OTCBB and Pink Sheets), and repeating the same thing with the German Stock Exchanges (specifically the Frankfurt Exchange) where they both seem to be targetting penny stocks. These are referred to as pump-and-dump campaigns.

The way they work is a spammer will go and buy some stock in a company that is very cheap, send out millions of messages in hopes that people will take the advice of buying stock in this company, then when the value of their stocks goes up they'll sell their shares for a quick and easy profit. By the time the rest of the people realize what has happened, the value of the stock will have dropped, sometimes lower than where it started.

So what is it that's tricking people into investing in these stocks? Your typical stock message consists of a stock symbol, a description or press release of the company, their current value and 5 day forecast with an expected rise in value %. In order to bypass simple body content match filters, they insert random words called a hashbuster around the message which changes with each email, making them all unique. With stock images, they will generally have a similar message about a certain company, except instead of having hashbuster text around it, they will make very minor changes in the image such as changing the colors, changing the dimensions, adding random pixels to the image, and so on.

Spammers must have realized there's money to be made in places other than North America, and if it works on people on this side of the Atlantic, it's bound to work on the other side as well. An interesting trait we've noticed about these recent campaigns is that it seems to be targeted to European email addresses, which makes sense since that's where the people who can read these emails are most likely going to be.

I'm curious to see if stock spam will evolve into other countries' stock markets and languages.

For those interested in the topic, refer to the Sophos news article released in March found here.

You might like