SEC Suspends Trading For 35 Companies, Cites Spam Activity
The Securities and Exchange Commission last week suspended trading for 35 companies that allegedly benefited from spam e-mail campaigns to hype their thinly traded penny stocks.
And in a separate action earlier this week, the SEC froze $732,941 that it alleged was amassed by a ring of cyberthieves who used stolen user IDs and passwords in an elaborate scheme to extract funds from online stock accounts at seven prominent online brokerage firms.
The crackdowns show how thieves are using e-mail spam and security weaknesses in online banking systems to accelerate tried-and-true financial fraud.
"It's a vivid illustration of how run-of-the-mill crooks are taking yesterday's scams and leveraging them forward using e-mail and sophisticated malicious hacking tools," says Patrick Peterson, vice president of technology for security firm IronPort Systems.
Stock price manipulation dates back to rumor-mongering in Wall Street's early days.
In the modern version, 35 smaller companies saw their share values rise after some 100 million e-mail messages were sent out hyping them, using phrases such as "ready to explode" and "ride the bull." Prices fell after the spamming stopped.
"When spam clogs our mailboxes, it's annoying," SEC Chairman Christopher Cox said in a statement. "When it rips off investors, it's illegal and destructive."
In the more elaborate scam, the SEC alleged that 20 individuals, listing residences in Russia, Latvia, Lithuania and the British Virgin Islands, set up multiple brokerage accounts at http://www.parex.lv/ , an online service run by Riga, Latvia-based Parex Bank, then began acquiring an array of penny stock companies.
Using stolen log-on credentials, intruders then broke into online trading accounts at E-Trade, Charles Schwab, TD Ameritrade, Scottrade, Vanguard Brokerage Services, Fidelity Investments and Merrill Lynch, the SEC says.
User IDs and passwords are readily available on Web sites, called carding forums, where cybercriminals congregate.
At an appointed time, the intruders would sell off the entire portfolio in a highjacked account and use the proceeds to buy shares in stocks held in the Parex Bank accounts, according to the SEC.
For instance, according to the SEC, on Feb. 9, 2006, someone sold off the portfolios in breached accounts at TD Ameritrade, Scottrade and E-Trade, and used the proceeds to buy enough shares in Remote Dynamics, a Richardson, Texas, tech firm, to drive the share price from 29 cents to $1.10 per share.
That same day, the Parex account holders sold 512,200 shares of Remote Dynamics, clearing a $75,720 profit.
The ring pulled off 14 other similar scams, costing the brokerages more than $2 million to make the account holders whole, says John Reed Stark, chief of the SEC's Office of Internet Enforcement.
"It's a much faster process than getting people to buy the stock and pump up the price," Stark says. "The victims wake up in the morning, and all their blue chips are gone, and all they're left with is a bunch of worthless stock."
WBJ Web Partners
Most Recent
Most Recent
0 Comments