Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Bull Market for Cybercriminals

Fraudsters add online twists to time-tested stock and securities scams

The Internet has helped thousands of businesses to automate processes that they previously conducted via phone and fax.

Unfortunately for investors, stock fraud is one of them.

No surprise, then, that the Web continues to be a popular avenue for thieves who want to steal money from investors. But the lengths criminals are using get more creative every day, according to industry researchers and law enforcement officials.

"The actual crimes we're seeing aren't all that different from what we saw ten years ago," says John Starks, chief of the Office of Internet Enforcement at the U.S. Securities Exchange Commission. "But the ways criminals are using the Internet to propel those schemes -- those are pretty interesting."

The SEC gets about 10,000 emails a day to its complaint center, and a large percentage of those complaints are Internet-related. "A lot of them are about spam," says Stark. "But we do look at all of them, and some of them turn into more extensive investigations." The SEC is currently handling about 550 Internet-related cases, Stark says, and that doesn't count some criminal cases that are being handled by other law enforcement agencies, such as the FBI.

And the problem is growing, according to security researchers. Just last month, authentication firm Arcot systems reported that many identity thieves have moved on from banks and are now targeting online brokerages.

"With the increase in consumer use of the Internet for personal finance, financial institutions are having a problem staying ahead of hackers," Arcot stated. "In [many] cases, hackers were able to bypass multiple layers of security and gain access to users' accounts."

In October, E-Trade Financial told reporters that "concerted rings" in Eastern Europe and Thailand had cost its customers $18 million in losses in the third quarter alone. The third-largest online broker, TD Ameritrade also conceded that the problem "continues to grow," although it did not disclose any loss figures.

Online criminals are finding new riffs on securities fraud, frequently by stealing access codes to an investor's entire portfolio, Stark says. "The simplest attack is to hack into an account, liquidate all the assets, and then wire the money offshore."

But fraudsters are developing more intricate schemes all the time, Stark observes. For example, the SEC is tracking new variations on an old scam called "pump and dump," where a criminal buys up a stock in an effort to pump up its price, then sells it all at once to reap the profits.

"What we're seeing online is criminals hacking into customers' accounts, liquidating the assets, and then using the money to purchase microcap securities," Stark says. If a criminal can get access to enough accounts and assets, he can inflate the price of these microcaps (also known as "penny stocks") and then sell them off in a classic pump-and-dump.

In April, the SEC charged two New York men, Faisal Zafar and Sameer Thawani, with manipulating at least 24 microcap stocks over a period of about 18 months. The men made more than $873,000 by purchasing the stocks, anonymously disseminating false information about them on popular Internet message boards, and then selling them at inflated prices.

Spam also is becoming a popular tool for securities fraudsters, Stark says. "With spam, it's sort of like the securities fraud flavor of the month," Stark observes. "The best scams come right out of that day's headlines -- they offer false investment opportunities based on developments in the markets or in the news."

The case against Zafar and Thawani is a good example. In that case, the two men sent out information that one of their microcap companies had received a contract from the Department of Homeland Security to improve New York's subways right after the London subway bombings, according to the SEC.

Although the approach of securities fraudsters may be shifting, the SEC's methods for investigating the crimes have stayed largely the same, Stark says. "The best method of investigation is still to follow the money," he says. "That's the nice thing about securities -- we're going to know who's making the trade, and we can usually follow the trail from there."

— Tim Wilson, Site Editor, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-05
The “Elementor Addon Elements� WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
PUBLISHED: 2021-05-05
The “Livemesh Addons for Elementor� WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
PUBLISHED: 2021-05-05
The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
PUBLISHED: 2021-05-05
The “WooLentor – WooCommerce Elementor Addons + Builder� WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
PUBLISHED: 2021-05-05
The “Elementor Addons – PowerPack Addons for Elementor� WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...