|
Most of you will remember the penny stock SPAM messages from a fair few years ago. The main aim of the game is to buy a bunch of penny stock and then do a SPAM campaign to drive buying interest, artifically inflating the price of the stock. They sell and make their money. It may be a few cents per share, but if you own enough of it can be quite profitable. Most SPAM filters are more than capable of identifying and dumping this kind of SPAM. It looks however like it is becoming popular again. My little SPAM traps have been receiving a few of these messages over the last few days.
What is old is new again. It might be agood idea to check that your filters are taking care of these for you. Mark (to much Big bang theory before writing ;-) thanks for pointing it out ) |
Mark 392 Posts ISC Handler Apr 5th 2013 |
|
| Thread locked Subscribe |
Apr 5th 2013 9 years ago |
|
|
I remember sending abuse reports about OTCBB/Pink sheets spam directly to the markets that control them. It seems they've changed websites & email addresses a lot since them, so I'm not exactly sure where it should be directed. But here is their contact page: http://www.otcmarkets.com/contactUs and here is a warning from the SEC about these types of scams: http://www.sec.gov/answers/unsolicitedquotations.htm
|
pogue 17 Posts |
|
| Quote |
Apr 5th 2013 9 years ago |
|
|
If you are using ClamAV, the Sanesecurity sigs have been taking care of these for quite a few days...junk.ndb and scam.ndb databases.
Steve: www.sanesecurity.com |
Sanesecurity 21 Posts |
|
| Quote |
Apr 5th 2013 9 years ago |
|
|
Picked up my first of the run on these 3.4.2013:
<snip> Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.whataboutbob.org (Postfix) with ESMTP id 2AD188D019C for <threatstop@whataboutbob.org>; Mon, 4 Mar 2013 20:59:43 -0800 (PST) Received: from 113.172.214.251 (unknown [113.172.214.251]) by mail.whataboutbob.org (Postfix) with SMTP id 79B278D019A for <threatstop@whataboutbob.org>; Mon, 4 Mar 2013 20:59:38 -0800 (PST) Received: from unknown (HELO vkyfdy) ([89.113.115.219]) by 113.172.214.251 with ESMTP; Tue, 5 Mar 2013 11:51:37 +0700 Message-ID: <000401ce195c$b51c9d00$597173db@Bubblesvkyfdy> From: "Jennifer Goodwin" <panty@tc.umn.edu> To: <threatstop@whataboutbob.org> Subject: [SPAM] It is on Immediate Alert! This Bull is Positioning for a Major Run Date: Tue, 5 Mar 2013 11:45:53 +0700 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="windows-1250"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Kolab-Scheduling-Message: FALSE X-Kolab-Scheduling-Message: FALSE Time to Get Bold... This Company is back on Smallcap! Date: Tuesday, Mar 5th, 2013 Name: GOLD & GEMSTONE MINING INC. Tick: GGS_M Buy at: $0.02 Long Term Target: $0.25 This Stock is Having a Huge Day! Check out!!! Trading On Heavy Volume Afternoon Breakout Just Starting!!! |
Bob Stangarone 9 Posts |
|
| Quote |
Apr 5th 2013 9 years ago |
|
|
Alas, I feel sorry for:
"Jennifer Goodwin" <panty@tc.umn.edu> who is a "Joe Job" victim -- there's no reason to cite her E-mail ID as "clear" (easily harvested by spammers) text, since there's no proof, within the E-mail headers that you cited, that she has had any role in the distribution of the messages. Sigh. |
Anonymous |
|
| Quote |
Apr 5th 2013 9 years ago |
|
|
pennie?
|
Anonymous |
|
| Quote |
Apr 5th 2013 9 years ago |
|
|
I've been seeing 2-3 'stock boost' spams a week in my gmail spam folder since November or so.
|
Eric 12 Posts |
|
| Quote |
Apr 5th 2013 9 years ago |
|
|
JoeJob - do you really think that Jennifer's email address in that message is valid? Take a closer look... it sure appears to be bogus. "panty@xxxxx.edu"? GMAB...
|
RussM 4 Posts |
|
| Quote |
Apr 6th 2013 9 years ago |
|
|
>> do you really think that Jennifer's email address in that message is valid?
>> Take a closer look... it sure appears to be bogus. 1. Why take the chance that it is valid? Instead, err on the side of caution, and mask it out. 2. You're presuming that students have "American" names like "Goodwin" or "Jennifer". Open your mind to Asian names like "Pan" or "Pant" or "Ty". Or, it could be a long-held nickname, like "Snooki". Or, it could be a requirement of the U. of Minn. for each student to have an ID, to authorize them for various "restricted-license" online resources at their Library. So, the ID was created, and is used only for "authorization", while the person has a GMAIL or HOTMAIL ID for all their "social" communications. E-mail to 'panty' could be auto-forwarded. Again, including that ID in the posting was not necessary -- it didn't add any "evidence" about the original of the E-mail. Just leave it out! P.S. What's a "penny" ? Canada does not have such a coin in circulation.  |
Anonymous |
|
| Quote |
Apr 6th 2013 9 years ago |
|
|
"Why take the chance that it is valid? Instead, err on the side of caution"
Because it is useful information to have the example in unaltered form, and changing it is more harmful. Having an example from address enables others to search mail logs for it, to see if impacted, or if more details of the spam origins can be ascertained. I am not in favor of protecting spammers by obscuring details that are crucial for tracing and correlation. |
Mysid 146 Posts |
|
| Quote |
Apr 6th 2013 9 years ago |
|
|
"P.S. What's a "penny" ? Canada does not have such a coin in circulation.
"Neither does the U.S.A. We have a one cent coin but it is commonly called a penny here stemming from British heritage and steadfastly clinging to traditions of the vernacular type. |
Alan 57 Posts |
|
| Quote |
Apr 7th 2013 9 years ago |
|
|
I am pretty sure that address is already known by the spammers if it is being used for JoeJobs already, but you are entitled to your opinion. :)
|
Bob Stangarone 9 Posts |
|
| Quote |
Apr 7th 2013 9 years ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
