Wiz's Computer and Website Security Blog  

May 15, 2013

If you have been following my recent Pump and Dump expose, you are aware that the people running the email scam campaign pumping up GTRL have been lying, in order to draw in (sucker) more investors. Today, they ramped up their lies another notch and are falsely claiming that Get Real USA is being bought out. Not so!

If you search for any actual news from Get Real USA (GTRL), all you will find is this recent notice, posted by them on May 9, 2013:

The Company affirms that it has not participated in, condoned nor given permission to any company or individual to send unsolicited e-mail, text messages or any other communications involving the Company, its common shares or any of its products, that individuals may have received over the past week. Investors are cautioned not to rely on the statements made in these types of campaigns, when considering the Company as an investment. The Company does not endorse the use of these emails or promotions to create a market for its stock. Frank Weber President and CEO stated that neither the company management, company board of directors or anyone associated with Get Real USA has been authorized to issue any such communications and all recipients of such should disavow any and all of such communications.

This article has extended content.
Continue reading "Pump & dump scammers invent more fake news for GTRL" »

Posted by Wiz at 2:26 PM | Permalink

Get Norton 360 - All-In-One Security. Comprehensive, easy to use, all around protection for your computer, your browsers, your identity and your files! Read about the key features of Norton 360.
SPECIAL PROMOTION: Save 25% off All Norton Products with Coupon Code: SYMANTEC25US.

back to top ^

May 9, 2013

I just had to write this brief follow-up to an article I began on Monday, May 6, 2013. I have been outing spammers running pump and dump scams on penny stocks, exposing the way they invent fake news reports and make stock value projections that don't jive with reality.

The scam being perpetrated this week involves a penny stock with the symbol GTRL. The company has already placed an unmissable notice on its landing page, indicating that they are in no way involved with this stock pump and dump spam campaign.

Nonetheless, the idiots behind this latest onslaught of botnet sent pump and dump scam emails are doing their damnedest to try to enlist up more suckers into purchasing GTRL penny stocks. Almost all of the spam messages in my junk folder, since last weekend, are classified as Pump And Dump Scams, by the anti-spam filters I write for MailWasher Pro users and myself.

Those who fall for the terrible English grammar and spelling mistakes in those spam messages would probably go to a place like otcmarkets.com to purchase large blocks of stock in the spammed company. Well, tonight I humored myself and visited the otcmarkets quotes page for GTRL (Get Real Media - a film company). On the right side of the closing price, which is down 18.52% from the measly opening price of a $.0135, to just .011, for all potential fools to see, is a black skull and crossbones symbol! Hovering over that skull symbol (on a desktop or laptop computer, not a smartphone) results in the following overlayed text display:

This article has extended content.
Continue reading "Pump & dump penny stock scam leads to an otcmarket skull & crossbones" »

Posted by Wiz at 12:08 AM | Permalink

Get Norton 360 - All-In-One Security. Comprehensive, easy to use, all around protection for your computer, your browsers, your identity and your files! Read about the key features of Norton 360.
SPECIAL PROMOTION: Save 25% off All Norton Products with Coupon Code: SYMANTEC25US.

back to top ^

May 7, 2013

Yesterday, May 6, 2013, I published an article on this blog exposing the latest pump and dump scam making the rounds. The scam involves a true "Penny Stock" that is only worth 1 to 1.5 cents US. Despite there being no news from the company, GTRL, scammers have been pumping the hell out of it since the middle of last week.

While there has been no news from the company itself, other than a warning about the pump and dump scam using their symbol, there has been a flurry of fake news coming via the botnet used to send out this spam blast. This news and reports about the trading value increases in GTRL are all phony. I will expose this below.

In the spam messages I intercepted last night and this morning, the scammers claim, with poor spelling and grammar, that the stock is rising in value quickly and will soon reach a certain extraordinary high. Take a look at their (false) claims, after which I will show you what the actual trading charts reveal to be the facts.

This article has extended content.
Continue reading "How pump and dump scammers lie to sucker investors " »

Posted by Wiz at 11:15 AM | Permalink

Get Norton 360 - All-In-One Security. Comprehensive, easy to use, all around protection for your computer, your browsers, your identity and your files! Read about the key features of Norton 360.
SPECIAL PROMOTION: Save 25% off All Norton Products with Coupon Code: SYMANTEC25US.

back to top ^

May 6, 2013

Since the predicted demise of the SCXN penny stock pump and dump scam, one week ago, a new stock scam has been making the rounds in its place. The new pump and dump of the week has the symbol GTRL (Get Real USA).

GTRL is a true "Penny Stock" - with a trading value of just one cent, last week. Since the pump and dump scam began trading today, the price increased a few percentage points to about 1.5 cents. The (Eastern European) scammers who bought up thousands of shares at a penny, in advance, are hoping to pump up the value to 5 or 6 cents, then dump all of those shares.

According to the text in the email scams, this company is about to make a major announcement that will cause the value of its worthless stock to shoot up. This is total nonsense. The only news published on the actual Get Real Movies website is a disclaimer of them having anything to do with the current stock scam. The following is quoted from the Get Real landing page...

NOTICE! It has come to the management's attention that the GTRL trading symbol has been associated with certain spam emails. The company is working to discover the source of the emails at this time.

GET REAL USA AND ITS OFFICERS, DIRECTORS, CONSULTANTS OR ANY OF ITS AFFILIATES HAVE NOT AUTHORIZED ANY EMAILS TO BE SENT ON THE COMPANY'S BEHALF.

Please do your own due diligence and consult with your financial adviser prior to making any decision related to the purchase of Get REAL USA securities. GTRL is considered to be a "penny stock" . Visit the company's most recent public disclosure statements and relevant company information at: www.otcmarkets.com

This article has extended content.
Continue reading "GTRL disavows current penny stock email scams" »

Posted by Wiz at 4:44 PM | Permalink

Get Norton 360 - All-In-One Security. Comprehensive, easy to use, all around protection for your computer, your browsers, your identity and your files! Read about the key features of Norton 360.
SPECIAL PROMOTION: Save 25% off All Norton Products with Coupon Code: SYMANTEC25US.

back to top ^

April 28, 2013

One week ago I wrote about a penny stock email scam, pumping up the stock value of a little known company called Scout Explorations; a.k.a. SCXN. I predicted that this pump and dump scam would have the same outcome as almost all such schemes, and it did. All of the gains seen have been wiped out and the value has dropped to where it was last Monday, at the open of trading.

Last Monday, when the scam was very fresh, a lot of people bought shares, driving the value up to 41 cents. This number held for about two days, then began to drop as the early investors cashed out, again as I predicted they would do. At the close of trading on April 26, this pink penny stock was selling for just 28 cents, after dropping all the way to 25 cents. People who bought into the scam on Monday morning made their money back if they sold on Friday. All the rest lost money, except for one group.

The one group who undoubtedly gained money were the ones who bought thousands of shares of SCXN stock while it was at 5 to 15 cents, which it was for many months. The value only began to go up as a result of an offshore email spam run, coming from computers in Belarus. These folks would have earned themselves about 25 to 35 cents a share profit, as they sold (dumped) all of their stock on Tuesday, April 23. You can follow the hourly, daily, weekly, monthly or yearly activity of this penny stock on this Fox Business News page.

This article has extended content.
Continue reading "SCXN pump and dump scam fails again, as predicted" »

Posted by Wiz at 2:53 PM | Permalink

Get Norton 360 - All-In-One Security. Comprehensive, easy to use, all around protection for your computer, your browsers, your identity and your files! Read about the key features of Norton 360.
SPECIAL PROMOTION: Save 25% off All Norton Products with Coupon Code: SYMANTEC25US.

back to top ^

April 21, 2013

Since Friday, April 19, 2013, I have received over two dozen email spam messages touting a penny stock with the initials SCXN. The purpose of these emails is to pump up interest in this stock and get as many new investors as possible to buy into it on Monday, before it crashes.

Once a predetermined price has been reached, the people already holding the majority of the shares, who also created this scheme, will cash out (dump), leaving all of the other later investors holding stock worth much less than they paid for it.

In order to try to fool spam filters, the authors add an underscore between varying letters in the symbol of the stock being spammed. So, instead of seeing the full abbreviation: SCXN, you would see S_CXN, or SC_XN, or SCX_N. No legitimate email message from a real adviser would need to try to trick spam filters in this manner.

Pump and Dump scams have been around for many years and used to be sent out by newspaper and direct mail advertisements. But, with the popularity of the Internet and availability of cheap spam email services, based in Belarus, Kazakhstan, The Ukraine, Russia, Bulgaria and Latvia (to name but a few), these schemes can be sent to tens of millions of potential dupes for a several hundred dollars.

If you have multiple email accounts and they are already on spam databases, you will receive similar spam messages in each account. Or, if you have just one email account, you will certainly see multiple versions of the current pump and dump promotion on the same weekend. The spammers send multiple messages to the same or related accounts in order to drum up as much illicit profit as possible, in the shortest time. This is because the spam runs usually happen on the weekend, while the stock exchanges are closed. When trading opens on Monday morning, the people who got tricked into investing into the stock scam of the weekend will pour money into penny stocks.

Volume is as important as price to the scammers running these schemes. High volumes of activity on Mondays can give false confidence to some holdouts and cause them to join the feeding frenzy. Once the original stock holders see the price rise to the agreed upon mark, they all cash out at the same time. This causes the value of the remaining stock to drop quickly. By the time trading has halted, these stocks are often trading at a few cents above the starting price that existed at the open of the trading day.

This article has extended content.
Continue reading "Pump and Dump Stock Scam of the Weekend: SCXN" »

Posted by Wiz at 5:09 PM | Permalink

Get Norton 360 - All-In-One Security. Comprehensive, easy to use, all around protection for your computer, your browsers, your identity and your files! Read about the key features of Norton 360.
SPECIAL PROMOTION: Save 25% off All Norton Products with Coupon Code: SYMANTEC25US.

back to top ^

April 18, 2013

In the early hours of April 17, 2013, I published an article detailing an email scam using the Boston bombings as the lure to attack computers with malware. Today, that scam has switched to referring to the fertilizer plant explosion in Waco West, Texas, in the evening of April 17. The links and landing pages are the same as yesterday's.

In today's email attacks, the Subjects have been changed to refer to the Waco explosion in this fashion:

Waco Explosion HD

CAUGHT ON CAMERA: Fertilizer Plant Explosion Near Waco, Texas

Raw: Texas Explosion Injures Dozens

Runner captures. Marathon Explosion

The message bodies still only contain a numeric hyperlink, in plain text. The format of these links is as follows (deactivated for your safety):

h**p://95.87.6.156/news.html

All of today's links have 4 part numeric IP addresses, followed by "/news.html" as of this writing. But, that file name has been changed to "/texas.html" in some recent messages.

This article has extended content.
Continue reading "Boston bombing email scams morph into Waco explosion scams" »

Posted by Wiz at 10:46 AM | Permalink

Get Norton 360 - All-In-One Security. Comprehensive, easy to use, all around protection for your computer, your browsers, your identity and your files! Read about the key features of Norton 360.
SPECIAL PROMOTION: Save 25% off All Norton Products with Coupon Code: SYMANTEC25US.

back to top ^

April 17, 2013

Tonight, I discovered a new malware attack tactic in the MailWasher Pro Recycle Bin. It was automatically deleted because it matched the conditions I created in a filter I call Exploit Link. In this case, the filter was matched by a numeric IP in the URL, instead of a domain name. Numeric URLs, especially those ending with a .htm or .html file are hostile 99.999999999% of the time. This one sure was.

The email arrived very late, at about 1 AM, Eastern time. Its sender was nobody I know, but it contained this enticing subject:

Explosion at the Boston Marathon

The total content in the message body was only a link, in this (deactivated) form:

h**p://178.137.100.12/news.html     (Don't go there!)

UPDATE; April 17, 2013, at 2:55 PM EDT:

I have now discovered some new numeric links containing the file name "/boston.html" - leading to exploit pages.

This is what is known as a numeric URL or hyperlink. It does not point to any known or registered domain name, just to an IP address. Spammers have set up a malicious web page on some compromised computer or hand held smart device that has been assigned a static IP address (usually by their broadband Internet service provider). In this case, the IP 178.137.100.12 is assigned to a "Kyivstar" GSM mobile broadband customer in Kiev, Ukraine. That IP address is already listed on my Russian Blocklist, under the CIDR 178.137.0.0/16.

UPDATE:
All of the links I have found in these email scams are leading to computers or devices located in Russia, Bulgaria, Latvia, or The Ukraine. This is an attack hosted by criminals based in the Former Soviet Union.

What awaits you at this numeric URL, ending in the file named: news.html?

This article has extended content.
Continue reading "Malware scammers exploiting Boston bomb tragedy by email" »

Posted by Wiz at 1:21 AM | Permalink

Get Norton 360 - All-In-One Security. Comprehensive, easy to use, all around protection for your computer, your browsers, your identity and your files! Read about the key features of Norton 360.
SPECIAL PROMOTION: Save 25% off All Norton Products with Coupon Code: SYMANTEC25US.

back to top ^