Wednesday, November 29, 2006

 

Spamming a compulsive disorder? Pump and dump.

Well over half the junk that gets past my IP address blocking these days is pushing penny stocks. The spammer or his client buys some shares of a thinly traded stock. He pushes it with messages that try to look like investment newsletters. He waits for some fools to buy it, and bump up the share price, and hopes he can spot the peak and sell there. It's called pump and dump and it's felony securities fraud. Perps go to prison for it, if they keep doing it long enough. Press releases from email firms like Sophos suggest pump and dump is about half the total spam volume now.

The strange thing is you can look up the charts on the stocks these guys pick, and they don't go up. Sometimes the spam runs seem to make them go down. Not only that, but some of the pumping on a single stock lasts for weeks, way too long for this trick to work. If this goose ever laid a golden egg, the spammers have long since beaten her to death. Recently they've been encoding their messages in images, to make it more expensive to filter. The images are full of artifacts to defeat optical character recognition: pop-art background images, ink spatter, random lines and curves, that you'd never see in a real stock newsletter. It's hard to imagine anyone would actually buy a stock promoted that way, even the dumbest would-be scammer.

How can we explain this behavior? First, understand that most spam is sent by highly organized gangs, doing very large spam runs for paying clients. The client pays up front, so the spammer gets paid even if the spam run loses money. But what is going on in the head of a pump-and-dumper? He's paying the spam gang, hundreds or thousands of dollars per run, on a gamble with very poor odds and a serious downside risk (prison time), and he keeps doing it, in the irrational expectation that the next time he'll hit the jackpot. That's compulsive gambling. It's a recognized mental disorder. It's in the American psychiatric catalog.

There's another aspect to it, that you'll discover if you contact spammers and try to talk to them about what they're doing, or if you read their rants in online forums like news.admin.net-abuse.email. Every spammer I have spoken to or otherwise heard from in ten years of doing this has had some level of denial about the nature and morality of what they are doing. Every spammer, from the sociopath Sanford Wallace to the bullet-proof porn spammer hosting guy on Merit.net to the anonymous Maoist spamming his/her manifesto. They think their message is different. They think they're only doing insignificant damage to infinitely wealthy corporations. They think the people trying to stop them are a conspiracy to stifle their "free speech" or unfairly compete with their business. Some think God told them to do it.

That's exactly the delusion that comes with compulsive stealing, kleptomania. What I'm doing isn't really hurting anyone, and the store detectives and the police are just out to get me. It's in the catalog, too.

I believe the leaders of the gangs you can hire to do spam runs are in it for the money. But the people paying them for most of the spam runs have some mental disorder. There's nothing rational about it. And the spammers-for-hire know it and exploit the illness.

Comments:
Email a million people. Tell them to buy XYZ. Of those who respond, do a special second mailing. Tell half to buy ABC and the other half to buy DEF. Do this a few times. You'll end with a group of people you've given "accurate" tips to for free.

Then you lower the boom. We've given you all this great advice for free, let us manage your accounts...
 
Trouble is, nobody responded to the first mailing. If anybody did, they're scammers too, trying to scam the scammers. And anybody who got a stock spam today got at least a dozen. They're not going to remember who sent what.

Stock spam is a one way, one time broadcast. There is no attempt at return business or starting any kind of relationship with the customer. They can't, because they can't give any valid contact information. If the stock spammer doesn't remain anonymous, it's too easy for the SEC to bust him.

One thing has been true since the beginning of the spam crisis. Buying something from spam is like buying it from a guy selling it out of his trenchcoat in an alley. That's why the only stuff that sells in spam is stuff people would buy that way. You might buy a fake Rolex that way, but you'd know it was fake, and not even a good fake. You'd be nuts to buy insurance or investments that way.

Another thing is spammers don't keep track of who they mailed to. It's too much trouble to collect that information from a bot-net, especially when many of the bots don't survive the run.
 
Yet they must get some payback. If they get one sucker per every one million spams, and that yields a credit card number or lets them manage their stock portfolio...

Good point though, most spams are so unreadable it's difficult to see who would ever reply to them.
 
Payback wouldn't be the direct motivation for spamming. It's the expectation of payback that matters.

A few stock spammers have been busted. In those cases, apparently, the spammer and the "investor" were the same guy. But there have been so few prosecutions that they aren't a statistically meaningful sample.

My impression is most spams involve two or three distinct entities. The entities may be individuals or gangs. There is the "advertiser," who is trying to sell something or scam someone. There is the "spammer," who takes the advertiser's money in consideration of sending to so many million "fresh opt-in addresses." And there is a "bot-herder" who the spammer pays for the use of the compromised computers that will do the sending. Sometimes the spammer-for-hire and the bot-herder are the same person or gang.

(In the special case of advance fee fraud spams, we suspect the advertiser and the spammer are the same gang, and instead of a bot-herder we have a combination of negligent "free" email providers like Yahoo Mail or Hotmail and "Internet cafe" sweatshops where human labor circumvents those companies' trivial anti-abuse measures.)

My theory is this. The stock spam runs that are not resulting in securities fraud prosecutions, that is most of them, are the three-entity type. There aren't any busts because the transactions between the advertiser and the spammers are successfully anonymized through overseas accounts. All one knows about the other is an IRC identity and an account number at a Cayman Islands or Swiss bank.

In this situation, all it takes to keep the business going is a spammer who is good at promoting the scam, and a stream of stupid wannabe conmen who fall for the spammer's pitch once. In this theory, none of the advertisers ever has to make any money. The spammers and bot-herders are the only ones making a profit, while the advertisers are the ones risking prison.
 
I'd say most times there's more to it than just scammers trying to hook ppl up to buy shares, insurance and stuff. Many scammers actually are trying to infect visitors with virii, trojans, adware... you name it. I guess that's probably more profitable than just the 1 in 10 mil. scammed cc holders. On a side note, most e-mail providers have made huge improvements in terms of blocking spam/scam/malware attachments. My Yahoo e-mail used to get tons of spam just 3-4 years back. Now hardly any such thing passes the spam filter.
 