Spammers Pump & Dump With Tunes
Sophos: In new twist, criminals adopt bizarre audio technique in attempt to inflate share prices
BOSTON -- IT security and control firm Sophos has discovered a new pump-and-dump spam campaign that is attempting to manipulate share prices through the use of MP3 music files. MP3 files that pose as music from stars such as Elvis Presley, Fergie and Carrie Underwood, but which actually contain a monotone voice encouraging people to buy shares in a little-known company, are currently being spammed out to email users worldwide.
According to Sophos, the emails often contain no subject line or message body but have attached to them an MP3 file typically named after a popular music artist. Some of the filenames used include hurricanechris.mp3, allforone.mp3, carrieunderwood.mp3, elvis.mp3, baby.mp3, fergie.mp3, and bbrown.mp3.
The voice on the MP3 file, which is randomly altered in an attempt to avoid detection by anti-spam filters, says the following:
'Hello, this is an investor alert.
Exit Only Incorporated has announced it is ready to launch its new text4cars.com website, already a huge success in Canada, we are expecting amazing results in the USA.
Go read the news and [obscured] on EXTO. That symbol again is EXTO.
Thank you.'
The stock spam MP3 file can be found at:
http://www.sophos.com/images/sounds/stock-spam.mp3
Exit Only, Inc is a company listed on Pink Sheets that runs a website marketplace for new and used motor vehicles. Some of the MP3 files repeat the message twice, rather than once.
"Users may click on the MP3 file expecting to hear Elvis, but they'll be all shook up when they discover it's actually a voice resembling Marvin the Paranoid Android droning on about a stock that is set to be the next big thing," said Graham Cluley, senior technology consultant for Sophos. "The spammers are already likely to have purchased stock on the cheap, and they are now trying to artificially inflate its price by encouraging others to purchase more. Once the stock rises, they'll quickly sell up, leaving the duped investors crying in the chapel. Thankfully though, it's hard to believe that many internet users will fall for such an amateurish presentation of an 'investor alert'."
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024