An article on a common email scam, originally published on ITSecurity UK (no longer available), now updated with information about ‘Ramp and Dump’ scams currently reported by the FBI as operating on social media.
Even before I started working directly with vendors in the security industry in 2006, 'Pump and Dump' scams were a major nuisance. Here's a description from a white paper Andrew Lee and I wrote after I started working with ESET.
Pump and Dump (or Hype and Dump) mails are designed to inflate the value of stock temporarily by hyping it to potential small investors. Typically, the scammer will buy a large amount of next-to-worthless stock, and then hype the company through spam, hoping other investors will buy it, thus inflating the price. As these duped investors buy stock, its value rises till the scammers sell off their shares at the now inflated price. They then stop hyping the stock and it falls in value, and typically the new investors sustain a financial loss. These mails are still often seen as a minor nuisance, but are rising in volume and widening in geographical scope, and there is evidence that organized crime is making a great deal of money this way.
At that time, this type of scam was still common and had become fairly sophisticated, at least in terms of avoiding detection by anti-spam products. But its impact fairly swiftly declined for a while. I don't know how prevalent it was in the interim, but it had pretty much slipped off my radar: I wasn't seeing it in my spam traps, and I wasn't seeing it reported elsewhere. Not, at any rate, until Paul Ducklin reported in 2017 a heavy upsurge in Pump and Dump, suggesting that:
'…the “resting” Necurs zombies still out there and undetected have been called back into service.'
For Virus Bulletin, Martijn Grooten followed up with some references to other sources. (In 2020, Sophos reported massive disruption of the Necurs botnet, which as well as pump-and-dump spam was being used for ransomware distribution, miscellaneous spam, theft of credentials, and so on.) Sure enough, back in 2017, I was starting to find similar mails in my own spam traps, notably from scammers claiming that shares in a penny stock company were about to soar in value due to a takeover. One message claimed that the company:
… specializes in the manufacturing of high-end specialized drones with real-world applications such as automated dispatching for news coverage by companies like CNN all the way to miniature drones which can be used to gather intelligence for the military, private investigators and police.
This didn’t prove to be the case: when I started digging deeper, the company turned out to be a media company with no foothold in the world of drone technology. However, Pump and Dump scams tend to exploit thinly traded companies, about which there is often very little easily obtained information. Another message claimed that the company had:
'… proprietary algorithms which essentially bring drones to life. These algorithms give the drones the capability to act independent of a physical operator.'
Just what the world needs: skies full of uncontrolled drones… (The controlled military ones are bad enough…)
Subsequently, I became aware of a barrage of similar messages relating to a company that distributed fitness equipment. However, the messages claimed that it was about to make an announcement about a somewhat miraculous cure for cancer. Some of these claims remind me of those posts on social media that tell you how the pharmaceutical industry is suppressing the information that huge volumes of unrelated forms of cancer can be cured by taking a substance that generates cyanide or by eating green vegetables. For instance, one message claims that:
While this isn't a one hundred percent method, it works good enough to save over 50 million lives a year.
You'd think that would be hard to keep secret, wouldn't you?
Some of these messages certainly had an unhealthy effect on my blood pressure, perhaps because I spent quite a few years working in medical research environments, and these claims just don't stack up. And according to a comprehensive article by Dynamoo, that particular stock had already crashed and burned, but the spam hadn't stopped.
Characteristically, spam like this quickly turns its attentions to a completely different market sector, so rather than detailing those technical and medical improbabilities, let's look at some of the less topic-specific characteristics of this type of scam, at least in its present form. (In fact, some of these will also apply to quite different scam types.) At the time I originally wrote this, the scams were coming in by email. As I’ll be discussing a little later, there seems to have been a shift in venue towards social media. However, on the assumption that at least some of the social engineering will be along the same lines, here are some thoughts arising from the emails I was seeing in 2017.
1. A barrage of messages, all apparently from different people, all advising you to invest in the same company. Automated spam campaigns spread through botnets generally go for volume, not fine-grained targeting, so it's likely that you'll get mail from quite a few (faked) email addresses. Fortunately, the addresses currently used are quite likely to trip email anti-spam filters, so you may not see them at all. But if you do, it's reasonable to be suspicious of several people (or rather bots) you've never heard of, all offering you investment tips and information that's supposed to be confidential. For example:
'I know of a cutting edge company that has just completed the development of a new life saving medicine. A friend who works at a high position, at a secretive place told me about it.'
If you're told that the information is 'for your eyes only', it's worth wondering what you've done to deserve this special treatment from a complete stranger. In a more fine-grained attack, you might actually receive messages with the spoofed address of someone you do know.
2. Almost invariably, this 'information' comes from 'a friend of a friend', like the case above. Here's another.
'I have a good friend who works at the fda, and from time to time he tells me about things before they happen.'
This is a common characteristic of hoaxes too.
3. One common approach seems to be to tell you that you're on a mailing list. If you're pretty sure you've never signed up for investment advice, why would you trust unsolicited advice? Especially if you know that this type of stock fraud is basically about inflating the value of stock for the benefit of someone who currently holds it, not about helping you to make money.
4. As with other scams (bank phishes, for example), there's a clear intention of rushing you into a rash action. You'll be told that you need to act quickly, before an official announcement is made. Again, if you're told to act quickly to get 'ahead of the herd', you might want to ask yourself how you came to be regarded out of the blue as a herd leader.
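The four characteristics above can be turned into a rough mail-triage heuristic: cluster messages by the stock they tout, count distinct senders, and tag the social-engineering cues. This is an added example, not part of the original article; the regex patterns, the `find_campaigns` helper, the sample messages and the tickers ZZZQ and ABCD are all constructed for illustration.

```python
import re
from collections import defaultdict

# Cue patterns for characteristics 2-4 above. Illustrative assumptions, not a vetted ruleset.
CUES = {
    "friend_of_friend": re.compile(
        r"\b(?:a|my|good) friend\b.*\b(?:told|tells|works)\b", re.I | re.S),
    "mailing_list": re.compile(r"\b(?:mailing list|newsletter|subscribers?)\b", re.I),
    "urgency": re.compile(
        r"\b(?:act (?:quickly|fast|now)|before (?:the|an) (?:official )?announcement"
        r"|ahead of the herd)\b", re.I),
}
# The keyword is matched case-insensitively; the symbol itself must be 3-5 capitals.
TICKER = re.compile(r"\b(?i:ticker|symbol)\s*:?\s*([A-Z]{3,5})\b")

# Constructed sample messages (sender, body); addresses and tickers are made up.
SAMPLE = [
    ("alice.r@example.com",
     "A friend who works at a high position told me about it. Ticker: ZZZQ"),
    ("bob.k@example.net",
     "You are on our mailing list. Act quickly before the official announcement. Symbol ZZZQ"),
    ("carol@example.org",
     "I have a good friend who works at the fda. Get ahead of the herd. ticker: ZZZQ"),
    ("dave@example.com",
     "Quarterly newsletter: our analysts discuss ticker: ABCD fundamentals."),
]

def cues_in(body):
    """Return the names of the social-engineering cues present in one message body."""
    return {name for name, rx in CUES.items() if rx.search(body)}

def find_campaigns(messages, min_senders=3):
    """Characteristic 1: the same stock pushed by many apparently unrelated senders."""
    by_ticker = defaultdict(lambda: {"senders": set(), "cues": set()})
    for sender, body in messages:
        for ticker in set(TICKER.findall(body)):
            by_ticker[ticker]["senders"].add(sender.lower())
            by_ticker[ticker]["cues"] |= cues_in(body)
    # Report only tickers with enough distinct senders and at least one cue.
    return {t: {"senders": len(v["senders"]), "cues": sorted(v["cues"])}
            for t, v in by_ticker.items()
            if len(v["senders"]) >= min_senders and v["cues"]}

if __name__ == "__main__":
    print(find_campaigns(SAMPLE))
```

A single newsletter mentioning a ticker is not flagged; it is the combination of many distinct senders and the cues that marks a campaign.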
Today (July 2025) I learned from one of my LinkedIn contacts in the security industry of a scam warning originating with the FBI (insert own snarky Epstein comment here…) stating that “Fraudsters Target US Stock Investors through Investment Clubs Accessed on Social Media and Messaging Applications.” The alert refers to Ramp-And-Dump stock fraud rather than Pump And Dump, but it appears to be similar stock fraud pursued through social media: specifically, through text messages or social media adverts linking to online investment clubs hosted on secure messaging apps.
The basic scam mechanism is the same, though.
“They secretly control a large volume of a low-priced stock and … inflate its price (’ramp up’) by encouraging investment club members to purchase shares over a period …Once the price is artificially elevated, the criminals sell off (’dump’) their shares at a profit, leaving unsuspecting investors with significant losses as the stock value collapses.”
Further information:
Ramp and Dump article
FBI Ramp and Dump alert
Wikipedia Microcap Stock Fraud article
Investopedia: How does a pump and dump scam work?
Forbes: How to Spot a Pump and Dump
Wikipedia Pump and Dump article