Eeyore's daily list of
known share price manipulation scams.
First things first: the word "Eeyore" is almost certainly a trademark
of the Disney Corporation. However, it's also always been the name
of whichever of my computers has the modem attached to it. I
have included it in the heading for this page in case people are searching
for it.
Please scroll down to see the chronological list of scams.
Since 2004 one or more cybercriminals has been sending out lots of spam
forged to look like it's being sent from eeyore. It
isn't. If
you look at the message headers
("long headers" in some mailers), you'll see that even where there is a machine
identifying itself as "eeyore" it's got the wrong IP
addresses. This
is because the spam is being sent by home PCs that have been infected
by viruses.
How do I get to know about the scams? Well, every time an attack
takes place, a whole bunch of other spammers use the opportunity to
try to get me to buy
their "whitelist" software and join the ranks of
"customers" sending out spam on their behalf. So I get to see a lot
of copies of the original email.
The companies being targeted are normally small "pink sheets"
companies whose shares are traded in the US. The lack of liquidity in such shares makes
it easier for the gang to manipulate the price, but very difficult for their victims
ever to recoup their losses.
I am routinely reporting each new scam to the SEC in the US. With luck,
I'm not the only one forwarding information to them and they will be able
to put the crook behind bars. But that always takes time,
especially when it's not possible to trace them by following their
mail back to its source.
However, working on the principle that forewarned is forearmed, I thought
I'd start this web page. Every time I see a new scam,
I'll post as many details as I can about it here. You can use
the list of companies below to verify that not a single one of the
predictions made by the scammers has ever come true.
You can mail me at webmaster@eeyore.demon.co.uk;.
Publication of this address here does not constitute an expression of
interest in marketing material and does not grant permission to send
any such material. Inappropriate mail sent to this address will be
treated as malicious nuisance mail and reported to the relevant
authorities as such.
If you do send mail, please don't try to
be helpful by submitting the names of other companies which you suspect this
gang or some other might be targeting - I can't list your information here,
simply because I don't know who you are. It would of course be nice to
have some kind of centeralised list of all share price scams, but that requires time
and resources. Perhaps if others are willing to volunteer, we may be able
to make such a centralised anti-scam resource a reality. If you
are a customer of any of the irresponsible whitelist services who have
spammed me in the past, your mail will probably be
discarded. (Sadly, the words "irresponsible" and "whitelist"
today seem to have become synonyms.)
One last thing. Below, I may make some comments about aspects of
the named companies that I find less than transparent. If you
feel that I have maligned your company, just send me a properly
audited set of accounts and I'll amend my comments.
Ian Kemmish
Biggleswade, Bedfordshire.
14th June 2004.
Scammers targeting
Telecommunication Products Inc. shares. Mail apparently originating from Korea
and the US. SEC and Telecommincations Products both informed.
Looking at the graphs, it looks as if this company may have been used
in a successful scam at the beginning of March. If so, today's scam
is a lot less successful.
22 June 2004.
Scammers targeting
XcelPlus International and UPTrend Corporation (a Spanish company) on the same
day. Mail
apparently originating from Korea. Mail refers to press stories
on msn.com. XcelPlus tell me their press releases have been
"hijacked" by the gang and apparently sent to people all over the
world.
24 June 2004.
Targeting XcelPlus again, in a
fresh wave of emails. The graphs show a spike in XcelPlus's share
price earlier this week, so this suggests that although the scam was partially
successful, the gang didn't manage to unload all their shares. One
lives in hope.
I've noticed that many of the mails have
started to be 'signed' with random quotations which look Biblical but
which are probably just made up. I imagine that to fellow members of the
cyber-underworld this would instantly identify the crooks
concerned. If you get any financial spam signed in
this way, and it isn't forged to look like it came from me, I
obviosuly won't have seen it. You could help by reporting it to
the SEC yourself.
26 June 2004.
Targeting XcelPlus yet again.
They seem to be sending out the same mail over and over again, just
altering the dates to suit the latest mailshot.
30 June 2004.
Targeting a company called
Endevco Inc. They seem to once again be using a company press release
as an excuse to send out a spam mail which is otherwise identical to
the ones sent out for XcelPlus.
14 July 2004.
Targeting ExcelPlus yet again.
The spam mail is identical to all previous mails for this company.
19 July 2004.
Targeting ExcelPlus yet again.
Once again, the same spam mail with the dates changed. This
time the mail appears to include a forged quote from a non-existent company
press release.
25 August 2004.
Targeting a company called Vocalscape.
Still the same spam mail promising "an immediate huge PR
campaign". The spammers are regurgitating a press release that's
nearly a week old. This suggests that this is the period during
which they accunulated shares in this company.
26 August 2004.
Targeting a company called
Carroll Shelby International.
Still the same spam, but they are now sending it as HTML mail, and one
bounce report I've seen indicates that they may be attempting to
insert viruses into their mail as well. The fake disclaimer at the
bottom of the spam mentions the name "Emerging Equity Alert". A quick
search revealed
http://www.stockpatrol.com/schlock/articles/axium.html
which suggests these people have "form".
1 September 2004.
Targeting Vocalscape again.
More HTML mail. Now that they're able to do the fake disclaimer in
small print, they actually use it to tell you in advance that they
intend to rip you off. I guess that makes everything OK, then. If
you ignore the forgery, the fraudulent statements, the spam and the
virusses, that is....
9 September 2004.
Targeting Vocalscape again,
once again four working days after a press release from this company.
I have seen both HTML and plain text mail this time.
11 September 2004.
Targeting Vocalscape again,
after another press release from the company. This time the mail is
identified as being from "MicroCap Marketing", who have already
received a cease and desist order from the SEC. For example,
Email Pump and Dump Scams Revealed - from SECLaw.com
.
13 September 2004.
Targeting a company called
Integrated Environmental Technologies Ltd. You can see their reaction
to being used in this way in their press release dated 14th September!
20 September 2004.
Targeting a company called
Uauthorize Corporation. Same strategy, copying a company press
release and passing it off as "report".
13 October 2004.
Not a share price scam.
Today's spam is promoting a website pushing fake
pharmaceuticals. If the spambot being used has been sold on to
another bunch of criminals (these ones appear to be Chinese), this
may mean that the share price scam is over, for now. Or that
this is a fake website, designed to check whether anyone is actually
receiving the spam.
17 October 2004.
This time a share price scam
targeting a company called ICrystal Inc., but in spam sent to several
of my email addresses from a different forged sender
address. Search for ICrystal and you will discover that they are
apparently a franchiser of online casinos whose website has recently
been taken down. Make of that what you will.
18 October 2004.
Back to normal, and an old and
familiar target, Vocalscape.
24 October 2004.
Targeting a company called
American Resource Management Inc. Slightly unusual in that the
company does not appear to have put out any press releases in the past
few days.
31 October 2004.
Targeting Uauthorize Corporation
for the second time.
1 February 2005.
After a gap of a few months, it
seems this spambot is now being used by one of the Chinese phishing
gangs who set up loads of fake online pharmacy sites to gather
people's credit card details. Perhaps this means the pump and dump
crooks have either given up or been apprehended.
4 June 2005.
The pump and dump people are
back, this time targeting a company called "Fire Mountain Beverage
Company". From the company's price chart it looks like they were
targeted last October as well.
8 June 2005.
Today targeting a company Gold
Coast Resources, Inc. Same old formula, making fraudulent claims
about the efficacy of their "tips" and copying a slightly out of date
press release from their new target.
1 July 2005.
Today targeting a company WMD
Holdings Inc, although in their spam they haven't actually managed to
delete all references to Fire Mountain Beverage! Suitable evidence
for the authorities that these really are all coming from just one
group of crooks. A worrying new trend is that this attack seems to
be continuing for several days. Spam sent out on Sunday evening has the
spelling mistake corrected and cites the success of Friday's scam as a
reason you should be happy to become one of their victims. The volume
of spam also seems to be much higher than in previous attacks, maybe
four or more times as much.
11 July 2005.
Today targeting a company
called Intelligent Sports Inc. If you look at this company's share
price chart, it looks as if they also attacked it in February.
24 July 2005.
Today targeting a company
called Advanced Powerline Technologies, Inc.
5 August 2005.
Today targeting a company
called Notch Novelty Co. Slightly unusual for an attack to be
launched on a Friday, but this appears to be a company whose shares
have been traded publicly for only a week. Hopefully, that will
help the SEC to identify the crominals more easily, although from the
low volume of registered share trades reported on reuters.com, it looks
like the criminals have been making unregistered trades to buid up
their holding.
10 August 2005.
Today targeting a company
called Oretech Inc. This is the second attack in less than a
week, and to judge by the comopany's share price charts the attack has
already been going on for a few days. A bizarre aspect of this
attack is that although Oretech
published a press release on 4th August, the press release included in
the spam dates from the 8th June.
13 August 2005.
A fresh batch of spam targeting
Notch Novelty, even though they have put out a press release warning
about the scam.
21 August 2005.
Targetting Notch Novelty yet
again. Each week's spam correctly updates the company's current
share price, but the rest of the mail is identical - so the "3-5 day
price target" and the "massive publicity" are now over two weeks in
the past! Neither, of course, actually came to pass.
Bounced spam is currently arriving here at the rate up to three
messages a minute, and will go on for most of the next three days.
November 2005.
Things went quiet after my letter to the editor of Bloomberb magazine,
alerting people to the scam! They have started up again now, but with mail recruiting runners for
phishing schemes and promoting fake online pharmacies. This may
just be coincidental re-use of my address by some other spammer, but
it seems unlikely that this would only start shortly other the other
spammers stopped using it. Therefore, it is possible that this is the
same group of people.
24 January 2006.
They are back to their first
love, "pump and dump" scams. This time they are targetting a company
called "Gulf Petroleum Exchange". I wonder, did they really
think that if they stopped for six monts and then started again, that I
would not bother to report them to the SEC? How stupid can you get?
29 January 2006.
Targetting Gulf Petroleum
Exchange for a second time.
6 March 2006.
Targetting another oil well,
Golden Apple Oil and Gas. The company name is mis-spelt in at least
three different ways throughout the spam. The company's domain
name is registered to "Align Marketing Strategies", and one of its
press releases mentions a financing round of $100k (presumably
Canadian dollars at that). I suppose it might be possible to
run an oil exploration company on that - what do you think?
14 March 2006.
The same spammers are now
sending mail to addresses in Germany attempting to recruit runners for
money laundering and/or phishing gangs. This pattern has been
repeated twice - push pump-and-dump scams in the US until I publicise
the scam in the US press, then switch to organised crime activities in
Germany - so I'm becoming reasonably confident that it's the same gang
sending all the spam.
August - September 2006.
Not forging my address, but a series of scams involving a company
called "L International" whose only asset appears to be a web site
crammed with artists impressions of non-existent computers. Their
"on-line store" is certainly innovative - not only does it not give
you any means to order goods, it doesn't even have any pricing
information. Of course, this need not be conclusive evidence of
complicity in the scam, but it seems pretty suspicious to
me. This is notable for the sheeer size of the scams
compared to what they were doing previously - they are getting five
or six spam messages per day past even my filters, and on two occasions
more than $10m worth of shares has changed hands. The spam is all in
the same familiar format, so I am confident that this is the same gang
(and it is - see below).
30 September 2006.
A company with the name "Bogue
International". I can't find any reliable information about this
company.
15 October 2006.
A company with the name "Forest
Resources Management". Quite frankly, if the company description
you get when you look this company up on Reuters doesn't put you off,
then nothing I can do will prevent you losing your money.
21 October 2006.
A company with the name "Quantum
Energy Inc", which has been used in previous scams, but not forging my
address before now. They even appear to be spamming email addresses
in China now. Once again, the scams now seem to be on a truly
enormous scale compared to those before.
25 October 2006.
Recruiting runners for money
laundering operations in Australia.
31 October 2006.
Targetting "L International"
again, and this time forging my address, thus confirming my guess that
the same group were responsible.
8 November 2006.
Targetting "Quantum Energy Inc" again.
12 November 2006.
Targetting a company called
"Chef Selections Inc.". The spammers are getting lazy these days, simply
promising a tenfold or twentyfold increase in share price for no reason
whatever.
15 November 2006.
Targetting "L International" yet
again. I see that the "forthcoming press release" promised in the
previous scam relating to this company never materialised, so they
were lying to you even about that.
19 November 2006.
Targetting a company called "PRG
Group Inc". I can't figure out what this company claims to do.
It has a website that is choc-full of meaningless buzzwords, and a
few domain names, all of which are owned not by the company but by a
private individual. This company claims to be an IBM Business
Partner and displays the logo, but IBM's website denies any such
connection.
20 December 2006.
Targetting a company called
"Critical Care Inc." This is, apparently, a Canadian company whose
domain name is registered to someone who lives in New Mexico and who
doesn't even have a company email address. A quick web search
reveals that in the past three years this company has changed its name
and area of business no fewer than three times, all with the same CEO.
28 December 2006.
Targetting a company called
"Wild Brush Energy". Now ask yourself - why would a "business to
business" company have such a pretty website, that shows the company's
share price and harvests email
addresses, yet doesn't manage to publish the street address of the
company's head office? This company has changed its name five times in its
history, and its CEO appears to somehow be able to find the time to
hold the same post in more than one company! Of course it could
all be above board; I'm just suggesting some questions that you should
ask yourself. As for the spam, well it ended up with the same "five day
price target" for over two weeks without ever approaching it....
There have been four of five scams using similarly formatted spam
emails over the Christmas break. That two of them came from the
crooks impersonating me gives me some confidence that they all
did, but my rule is that I only post here if there's no doubt.
8 January 2007.
Targetting "L International"
again. I've now seen more than two
quarters worth of press releases from this company without so much as a
whiff of results. Perhaps you should ask yourself why such a
normally effusive press department is so coy about actual results.
23 January 2007.
Targetting a company called "The
Motion Picture Group".
22 February 2007.
Targetting a company called
"China Fruits Corporation". I think they have been targetting this
company for a while, but this is the first time I have seen them forge
my address.
24 May 2007.
Targetting a company called
"Tyche Energy" on the Frankfurt Stock Exchange. This is
significant because this proves that this is the same group of
scammers who in March sent me spam offering their services for a fee
of 10% of the share turnover resulting from their criminal
activity. Which of course I immedaitely reported to both the SEC
and the German regulator Bafin. This mistake of theirs, to
continue sending spam impersonating me, provides a firm link between
both sets of scams. It also provides extra evidence supporting
the idea that previous criminal activity in Germany (selling
counterfeit goods, see above) was also undertaken by the same group.
25 May 2007.
Targetting a company called
"Mobile Email US", again on the Franfurt Stock Exchange. Maybe
I'm seeing patterns that aren't there, but judging
by the volume of bounced spam I received for this one, I suspect that
I may have experienced an attempt at a mail denial of service
attack. I guess that means I'm doing something right!
2 August 2007.
Targetting a company called
"Exchange Mobile Telecommunications" by means of attached PDF
files. There was a previous attack not forging my address on 29
July; I notified the SEC and informed the company. Perhaps the
fact that they are now forging my address is connected to this.
10 October 2007.
Targetting
"Mobile Email US" again.