By Maggie Shiels
Technology reporter, BBC News, Silicon Valley
Spam is used to boost share prices so conmen can cash in
Scammers using the net to hype stocks are being targeted with software that can spot fraudulent trading patterns.
Many hi-tech conmen use junk mail to hype stocks so they can sell shares they own in the companies at a profit.
It has been estimated that 15% of all spam or junk e-mail is made up of messages that "pump" stocks that are later "dumped".
Developed by web giant VeriSign the anti-fraud software works by keeping an eye on real-time trading activity.
"This gives brokers a jump on the attackers and raises the bar," said Perry Tancredi, senior manager of anti-fraud services at Verisign.
Pump and dump schemes involve stocks that have had their price artificially inflated. This can be done by manipulating the market but often it is done by sending out a spam run tricking small investors to cash in on a stock.
The fraudsters then quickly sell the overhyped shares collecting profits for themselves and causing investors and brokerages to lose money.
A study of such scams in 2006 concluded that spammers can regularly make a return of up to 6% via such schemes.
They are regarded by the U.S. Securities and Exchange Commission (SEC) as one of the most common internet frauds costing billions of dollars a year. Typically scammers target so-called penny stocks for these scams.
"Investors need to be extra careful when they are investing in this kind of company because they can lose all of their money and these stocks are particularly vulnerable to manipulation more than ever because of the internet," said John Stark, head of internet enforcement at the SEC.
Mr Tancredi said Verisign's fraud detection kit would help "decrease the time between the attack being launched and the brokerage being able to respond".
Before now, he said, brokerages relied on counter measures such as restrictive stock trading or analysis packages that only spotted a problem when money had gone.
Verisign's software is a module that brokers can add to their in-house trading system that alerts anti-fraud teams to look more closely at trades that exhibit certain behaviour patterns.
Up to 15% of spam is made up of "pump and dump" messages
"What this self-learning behavioural engine does is look at the different attributes of the event, not necessarily about the computer or where you are logging on from but about the actual transaction, the trade, the amount of the trade," said Mr Tancredi.
"For example have you liquidated all of your assets in stock that you own in order to buy one penny stock?" he said. "Another example is when a customer who normally trades tech stock on Nasdaq all of a sudden trades a penny stock that has to do with health care and is placing a trade four times more than normal."
Because the software looks at the behaviour of a penny stock it can cope with cases where those buying shares are doing so for the first time or have been victims of identity theft.
"The fraudster may buy that one stock in multiple small chunks to stay under the radar, but we can pick that up and send an alert on that," Mr Tancredi said.
"More subtly it will detect and question if say five people at the same brokerage are trading this one penny stock in a short period of time and that stock has shown a spike in volatility," he said, "that will also raise a red flag."
No exact figures are available for how much scammers using "pump and dump" schemes are getting away with.
Geoff Turner, a senior analyst with Forrester Research, said it was easy to understand why figures were vague.
"People are somewhat shy on reporting losses because it erodes investor confidence," he said.
One pump and dump scheme revolving GTX Global involved tens of millions of dollars, said Mr Turner.
He said software than could effectively stop this kind of fraud in its tracks was something the business world would welcome.
"Pump and dump increases the cost of doing business in terms of the loss in the marketplace," he said.
"VeriSign has taken a proven concept in counter fraud control activity from what they have been successful in doing in the online banking environment and that is to gauge the risk of a specific account activity on the fly and score the risk when they see something that departs from the norm."
Mr Stark from the SEC told the BBC that it could not comment on a commercial product, but said the Commission worked closely with many agencies to pursue fraudsters.
He said: "This is basic lying, cheating and stealing and the message to anyone engaging in these shenanigans is they are going to get caught."