Spammers turn to PDF files in latest pump-and-dump scam

Sophos is warning of a new ‘pump-and-dump’ stock spam campaign which uses a PDF file to hoodwink potential investors. Sophos has identified email messages being sent to German internet users, encouraging them to read an attached PDF file that urges them to invest in stock belonging to Talktech Media, a company listed on the Frankfurt stock exchange.

According to Sophos, internet users may not be aware that spammers are likely to have purchased Talktech Media stock at a low price, and are now trying to artificially inflate its price by encouraging others to follow suit. The spammers then plan to sell off their stock at a profit, potentially causing the price to plummet. Sophos experts note, however, that the authenticity of the PDF is called into question by its peculiar filename, ‘sexy_ganja_report.pdf’.

“Internet users without anti-spam protection are probably used to seeing messages in their inbox telling them to buy shares in companies they’ve never heard of, but usually the promotions are in the form of regular text or an embedded image,” said Graham Cluley, senior technology consultant for Sophos. “The PDF attachment is not only an attempt by criminals to get past anti-spam filters, but also to make their dubious information appear slicker and more authentic. A good anti-spam defence can protect against this nuisance, but spammers are unlikely to stop their illegal stock manipulation any time soon – the rewards to be gained from successful pump-and-dump campaigns are just too great.”

Sophos experts report that pump-and-dump stock campaigns account for approximately 25 percent of all spam, up from just 0.8 percent in January 2005.
