Slashdot Mirror
SEC Halts Trading on Spam Driven Stocks
goombah99 writes "The SEC has taken action to halt transactions on spam-touted stocks. Presumably this opens an opportunity for denial of service attacks on stocks. However, to be effective spam generally must target penny stocks with historically low volumes and thus the actual capitalized market impact or effect on the companies for a temporary shutdown can be expected to be negligible and transient. One example was given of a touted apparel stock jumping from 6 cents to 45 cents over a period of days before settling down to ten cents a share and near 65,000 or about $6500 in transactions (an eighth of the peak share volume, and a 50th of the peak transaction value). In other words, the market distortion of a brief shutdown, even if it were a DOS attack, would be massively less than the integrated spam surge. The thing I found surprising was that for this to be an effective measure with human oversight then the number of such events must be relatively small in number. From the amount of spam I get I'd have guessed it was a tidal wave."
Because those 'stupid' enough to go out and buy those stocks give the spammers incentive to continue. Spamming people like you and I who don't buy the crap.
I.O.U One Sig.
1) these are companies that can't get listed on regular exchanges. Either they're too new or small to afford the fees, or they don't have the financials that the exchanges require.
:) )
2) this is a big one: the market makers may not report every single transaction and every price change, or every minute or hour. You're used to seeing the market change, and having updated info pretty quickly after a trade. "Real time level 2 quotes" and all that. Guess what? These are thinly traded. Some report daily. Some report every couple of days. Some report weekly. Unless you check, you don't know. If you see stock trading for 5 cents one week and 25 cents the next week, you don't know if it really is going up, or if it went to 10 dollars in the middle of the week, and all the pumpers jumped, and 25 cents is the reported figure on the way back down. You just don't know.
Go here for some more information. Really. Don't think about these without being sure you know the risks.
(Also, I have to say, while the information I gave in #2 was deemed correct when I worked for a broker, I was never a licensed broker myself. So don't take my word for it still being completely true. I see that a company called pinksheets.com offers what they say are real time quotes now for dealers, but they're neither a NASD broker-dealer nor SEC-registered, so... who knows what that means? Ask your broker and do your own research. Be sure and ask your broker what it means when you try to sell "at market" on a pink sheet, too, if you're assuming you're going to be able to get out quickly
Presumably this opens an opportunity for denial of service attacks on stocks. However, ... the market distortion of a brief shutdown, even if it were a DOS attack, would be massively less than the integrated spam surge.
Two platitudes:
- In a race between weapons and armor the weapons eventually win.
- To end a war you must defeat the enemy.
My bet: Once this goes into effect the spammers will adapt. Expect the result to be a bigger problem.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
By the time the SEC decides to act, the pump and dump is already over. These scams happen in the space of a few days. Blocking trading on a group of stocks that have already been pumped and dumped is futile. As the submission suggests, if they could act promptly by blockign trading immediately after a spams, that would effectively be a DoS attack on a stock trading, any spammer could initiate one. The SEC needs to go after the spammers, not the stocks.
They have this. It's called hotmail.
Help stamp out iliturcy.
All this does is give bad guys a new way to extort money from companies. "Hey, Mr. CEO! Wire $50k to my egold account by Friday or I'll send pump&dump spam and get trading suspended on yoru company's stock."
The right answer is to unroll these trades and see who is profiting. Then start doing some analysis on the brokerages associated with these trades, because I'm willing to bet we're talking about "less reputable" brokerages. Now pull their securities dealer's license. Do you think that would cause other brokerages to look more carefully at sudden large volume trades on previously thinly-traded stocks? I do.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Pump and dump violates the securities laws, right? The SEC's own web site calls them "fraudulent".
So why can't they track these guys down and prosecute them? The SEC has a pretty good investigative force. They tracked down Martha Stewart. They subpoenaed her phone records and everything.
You have to buy these stocks from a broker, so that leaves a paper trail. They have to report stock purchases to the IRS, if nothing else. You can't buy stocks with stacks of currency, can you?
The guys who are behind the pump and dump schemes by definition will buy the stock at the beginning, send out 10 million spam to get the suckers buying, dump the stock when the price goes up, and leave the suckers holding the bag.
So why can't the SEC track these guys down through the brokers, and prosecute them for this pattern of buy and sell that is obviously fraudulent?
Will somebody who understands this better than me explain to me why the SEC can't enforce the law?
It's time to stop tolerating ISPs that tolerate infected PCs. Is spam the only thing a zombie can do? No. Will this stop ddos botnets? Not a chance. One thing at a time, and spam leaves a trail. The Heinlein strategy: ~when you don't know how to solve a problem, do any part of it you do understand, then look at it again.~
Get as many as possible of the major email services - gmail, hotmail, yahoo, aol, all their equivalents in other countries - to backtrack inbound spam envelopes to a retail ISP. Crank up the heat on the worst offenders until they shut off zombies. Private warnings, name and shame, SMTP brownouts and blackouts, BGP blackhole.
The ISPs all have AUPs. Seems simple enough: they warn spam sources, point them at instructions and commercial offers of help for a full disinfect, then if they stay infected shut them off until they pay for an ISP-provided (and expensive) brainwipe. That'll make lots of new niches in which the scum who'd otherwise be sending spam can turn a buck, and take the load off everybody but the clueless.
Now, obviously, this is *too* simple somehow, or otherwise somebody'd be doing this already. What is it?
As always, all IMO. Insert "I think" everywhere grammatically possible.
First of all, the fraudsters aren't stupid enough to leave (much) of a paper trail; its common for them to use brokerage accounts compromised by phising. They execute their pump'n'dump via a stolen account, and by the time the dust settles the funds have been transferred.
Secondly, many of these folks operate from abroad and the amounts involved - in any single fraud - just aren't large enough to warrant the intervention of The Feds. Sad but true.
Because the market for these shares is so thin - most of the pink sheets companies will have market caps of less than one million dollars - the criminals can't fraudulently run huge amounts of money. So they perform a large number of smaller transactions.
Short of some organised crime indictment, The Feds won't get involved as the individual amounts are so damn small.
A message from our sponsor
The best scams are those that make the sucker think he's pulling a fast one. It doesn't work. The "smart" people trying to cash in on this lose.
http://papers.ssrn.com/sol3/papers.cfm?abstract_id =920553
"Before brokerage fees, the average investor who buys a stock on the day it is most heavily touted and sells it 2 days after the touting ends will lose approximately 5.5%. For the top half of most thoroughly touted stocks, a spammer who buys at the ask price on the day before unleashing touts and sells at the bid price on the day his or her touting is the heaviest will, on average, earn 5.79%."
You think you can squeeze a profit while the spammer is cashing out and the price is falling, good luck. They know the game, you don't.
The stock spam and pump-n-dump activities; while they do pose a threat to our financial systems, these actually represent the last step(s) in the chain for some very serious and very brilliant criminal activities. There is a much, much bigger story going on here that the public are not being told about.
Permit me to break it down for you:
The Phishers will phish usernames and passwords for brokerage accounts, or they will collect the information from personal users by means of a trojan. The criminals log into these accounts and schedule sell orders for whatever stocks they are holding, and schedule buy orders for the penny stock they are going to pump-n-dump. Then they walk away.
They execute the spam, eager traders read the spam, look at the account and see that volume of shares purchased have been bought up in the past n-hours and they jump in. The pumpers have bought their stock before hand and once the volume peaks, they dump. The account holders whose accounts were compromised are left holding the pumped-dumped stock...
The criminals are getting GOOD! They don't need to worry about transferring money out of the compromised brokerage accounts, they are stealing the money and laundering it all in the same step.
And it should be no big surprise that the criminal organizations behind the whole operations is the Russians.
Welcome to professional bank robbery in the 21st century.
*NOW* this is not to say that the traditional "boiler rooms" don't exist. They most certainly do and they continue to pose a serious problem which the SEC has addressed for many years. What is new is this most recent innovation that targets retirement accounts, day traders and even the average investor. The "tens of millions of dollars in losses" mentioned in TFA are coming from liquidated brokerage accounts. The SEC is in a panic to shore up or stop this exploit by suspending trading on pump/dump stocks. They're hoping to stem the hijacking of retirement funds by stopping the ability to get the money out.
See, when you view it through the proper perspective, within this greater context, now it makes sense as to why the Russian spammers and bot masters have suddenly gotten involved in the game.
I personally have communicated with the scammers & spammers, some of the conversations I have written about on my site, which includes screenshots of bank accounts that have been compromised by phishing, etc.
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
Do you even lift?
These aren't the 'roids you're looking for.