Eeyore's daily list of known share price manipulation scams. 



First things first: the word "Eeyore" is almost certainly a trademark of the Disney Corporation.  However, it's also always been the name of whichever of my computers  has the modem attached to it.  I have included it in the heading for this page in case people are searching for it.

Please scroll down to see the chronological list of scams.

Since 2004 one or more cybercriminals has been sending out lots of spam forged to look like it's being sent from eeyore.  It isn't.  If you look at the message headers ("long headers" in some mailers), you'll see that even where there is a machine identifying itself as "eeyore" it's got the wrong IP addresses.  This is because the spam is being sent by home PCs that have been infected by viruses.
How do I get to know about the scams?  Well, every time an attack takes place, a whole bunch of other spammers use the opportunity to try to get me to buy their "whitelist" software and join the ranks of "customers" sending out spam on their behalf.  So I get to see a lot of copies of the original email.


The companies being targeted are normally small "pink sheets" companies whose shares are traded in the US.  The lack of liquidity  in such shares makes it easier for the gang to manipulate the price, but very difficult for their victims ever to recoup their losses.

I am routinely reporting each new scam to the SEC in the US.  With luck, I'm not the only one forwarding information to them and they will be able to put the crook behind bars.  But that always takes time, especially when it's not possible to trace them by following their mail back to its source.

However, working on the principle that forewarned is forearmed, I thought I'd start this web page.  Every time I see a new scam, I'll post as many details as I can about it here.  You can use the list of companies below to verify that not a single one of the predictions made by the scammers has ever come true.


You can mail me at webmaster@eeyore.demon.co.uk;. Publication of this address here does not constitute an expression of interest in marketing material and does not grant permission to send any such material.  Inappropriate mail sent to this address will be treated as malicious nuisance mail and reported to the relevant authorities as such.

If you do send mail, please don't try to be helpful by submitting the names of other companies which you suspect this gang or some other might be targeting - I can't list your information here, simply because I don't know who you are.  It would of course be nice to have some kind of centeralised list of all share price scams, but that requires time and resources.  Perhaps if others are willing to volunteer, we may be able to make such a centralised anti-scam resource a reality.  If you are a customer of any of the irresponsible whitelist services who have spammed me in the past, your mail will probably be discarded.  (Sadly, the words "irresponsible" and "whitelist" today seem to have become synonyms.)


One last thing.  Below, I may make some comments about aspects of the named companies that I find less than transparent.  If you feel that I have maligned your company, just send me a properly audited set of accounts and I'll amend my comments.
Ian Kemmish
Biggleswade, Bedfordshire.



14th June 2004.
        Scammers targeting Telecommunication Products Inc. shares.  Mail apparently originating from Korea and the US.  SEC and Telecommincations Products both informed. Looking at the graphs, it looks as if this company may have been used in a successful scam at the beginning of March.  If so, today's scam is a lot less successful.

22 June 2004.
        Scammers targeting XcelPlus International and UPTrend Corporation (a Spanish company) on the same day.  Mail apparently originating from Korea.  Mail refers to press stories on msn.com.  XcelPlus tell me their press releases have been "hijacked" by the gang and apparently sent to people all over the world.

24 June 2004.
        Targeting XcelPlus again, in a fresh wave of emails.  The graphs show a spike in XcelPlus's share price earlier this week, so this suggests that although the scam was partially successful, the gang didn't manage to unload all their shares. One lives in hope.

        I've noticed that many of the mails have started to be 'signed' with random quotations which look Biblical but which are probably just made up.  I imagine that to fellow members of the cyber-underworld this would instantly identify the crooks concerned.  If you get any financial spam signed in this way, and it isn't forged to look like it came from me, I obviosuly won't have seen it.  You could help by reporting it to the SEC yourself.

26 June 2004.
        Targeting XcelPlus yet again. They seem to be sending out the same mail over and over again, just altering the dates to suit the latest mailshot.

30 June 2004.
        Targeting a company called Endevco Inc. They seem to once again be using a company press release as an excuse to send out a spam mail which is otherwise identical to the ones sent out for XcelPlus.

14 July 2004.
        Targeting ExcelPlus yet again.   The spam mail is identical to all previous mails for this company.

19 July 2004.
        Targeting ExcelPlus yet again.   Once again, the same spam mail with the dates changed.  This time the mail appears to include a forged quote from a non-existent company press release.

25 August 2004.
        Targeting a company called Vocalscape.   Still the same spam mail promising "an immediate huge PR campaign".  The spammers are regurgitating a press release that's nearly a week old.  This suggests that this is the period during which they accunulated shares in this company.

26 August 2004.
        Targeting a company called Carroll Shelby International.   Still the same spam, but they are now sending it as HTML mail, and one bounce report I've seen indicates that they may be attempting to insert viruses into their mail as well. The fake disclaimer at the bottom of the spam mentions the name "Emerging Equity Alert". A quick search revealed http://www.stockpatrol.com/schlock/articles/axium.html which suggests these people have "form".

1 September 2004.
        Targeting Vocalscape again.   More HTML mail. Now that they're able to do the fake disclaimer in small print, they actually use it to tell you in advance that they intend to rip you off. I guess that makes everything OK, then. If you ignore the forgery, the fraudulent statements, the spam and the virusses, that is....

9 September 2004.
        Targeting Vocalscape again, once again four working days after a press release from this company.   I have seen both HTML and plain text mail this time.

11 September 2004.
        Targeting Vocalscape again, after another press release from the company. This time the mail is identified as being from "MicroCap Marketing", who have already received a cease and desist order from the SEC. For example, Email Pump and Dump Scams Revealed - from SECLaw.com .

13 September 2004.
        Targeting a company called Integrated Environmental Technologies Ltd. You can see their reaction to being used in this way in their press release dated 14th September!

20 September 2004.
        Targeting a company called Uauthorize Corporation.  Same strategy, copying a company press release and passing it off as "report".

13 October 2004.
        Not a share price scam.  Today's spam is promoting a website pushing fake pharmaceuticals. If the spambot being used has been sold on to another bunch of criminals (these ones appear to be Chinese), this may mean that the share price scam is over, for now.  Or that this is a fake website, designed to check whether anyone is actually receiving the spam.

17 October 2004.
        This time a share price scam targeting a company called ICrystal Inc., but in spam sent to several of my email addresses from a different forged sender address.  Search for ICrystal and you will discover that they are apparently a franchiser of online casinos whose website has recently been taken down.  Make of that what you will.

18 October 2004.
        Back to normal, and an old and familiar target, Vocalscape.

24 October 2004.
        Targeting a company called American Resource Management Inc.  Slightly unusual in that the company does not appear to have put out any press releases in the past few days.

31 October 2004.
        Targeting Uauthorize Corporation for the second time.

1 February 2005.
        After a gap of a few months, it seems this spambot is now being used by one of the Chinese phishing gangs who set up loads of fake online pharmacy sites to gather people's credit card details. Perhaps this means the pump and dump crooks have either given up or been apprehended.

4 June 2005.
        The pump and dump people are back, this time targeting a company called "Fire Mountain Beverage Company".  From the company's price chart it looks like they were targeted last October as well.

8 June 2005.
        Today targeting a company Gold Coast Resources, Inc.  Same old formula, making fraudulent claims about the efficacy of their "tips" and copying a slightly out of date press release from their new target.

1 July 2005.
        Today targeting a company WMD Holdings Inc, although in their spam they haven't actually managed to delete all references to Fire Mountain Beverage!  Suitable evidence for the authorities that these really are all coming from just one group of crooks.  A worrying new trend is that this attack seems to be continuing for several days.  Spam sent out on Sunday evening has the spelling mistake corrected and cites the success of Friday's scam as a reason you should be happy to become one of their victims.  The volume of spam also seems to be much higher than in previous attacks, maybe four or more times as much.

11 July 2005.
        Today targeting a company called Intelligent Sports Inc.  If you look at this company's share price chart, it looks as if they also attacked it in February.

24 July 2005.
        Today targeting a company called Advanced Powerline Technologies, Inc.

5 August 2005.
        Today targeting a company called Notch Novelty Co.  Slightly unusual for an attack to be launched on a Friday, but this appears to be a company whose shares have been traded publicly for only a week. Hopefully, that will help the SEC to identify the crominals more easily, although from the low volume of registered share trades reported on reuters.com, it looks like the criminals have been making unregistered trades to buid up their holding.

10 August 2005.
        Today targeting a company called Oretech Inc.  This is the second attack in less than a week, and to judge by the comopany's share price charts the attack has already been going on for a few days.  A bizarre aspect of this attack is that although Oretech published a press release on 4th August, the press release included in the spam dates from the 8th June.

13 August 2005.
        A fresh batch of spam targeting Notch Novelty, even though they have put out a press release warning about the scam.

21 August 2005.
        Targetting Notch Novelty yet again.  Each week's spam correctly updates the company's current share price, but the rest of the mail is identical - so the "3-5 day price target" and the "massive publicity" are now over two weeks in the past!  Neither, of course, actually came to pass.  Bounced spam is currently arriving here at the rate up to three messages a minute, and will go on for most of the next three days.

November 2005.
        Things went quiet after my letter to the editor of Bloomberb magazine, alerting people to the scam!  They have started up again now, but with mail recruiting runners for phishing schemes and promoting fake online pharmacies.  This may just be coincidental re-use of my address by some other spammer, but it seems unlikely that this would only start shortly other the other spammers stopped using it. Therefore, it is possible that this is the same group of people.

24 January 2006.
        They are back to their first love, "pump and dump" scams.  This time they are targetting a company called "Gulf Petroleum Exchange".  I wonder, did they really think that if they stopped for six monts and then started again, that I would not bother to report them to the SEC?  How stupid can you get?

29 January 2006.
        Targetting Gulf Petroleum Exchange for a second time.

6 March 2006.
        Targetting another oil well, Golden Apple Oil and Gas. The company name is mis-spelt in at least three different ways throughout the spam.  The company's domain name is registered to "Align Marketing Strategies", and one of its press releases mentions a financing round of $100k (presumably Canadian dollars at that).  I suppose it might be possible to run an oil exploration company on that - what do you think?

14 March 2006.
        The same spammers are now sending mail to addresses in Germany attempting to recruit runners for money laundering and/or phishing gangs.  This pattern has been repeated twice - push pump-and-dump scams in the US until I publicise the scam in the US press, then switch to organised crime activities in Germany - so I'm becoming reasonably confident that it's the same gang sending all the spam.

August - September 2006.
        Not forging my address, but a series of scams involving a company called "L International" whose only asset appears to be a web site crammed with artists impressions of non-existent computers.  Their "on-line store" is certainly innovative - not only does it not give you any means to order goods, it doesn't even have any pricing information.  Of course, this need not be conclusive evidence of complicity in the scam, but it seems pretty suspicious to me.  This is notable for the sheeer size of the scams compared to what they were doing previously - they are getting five or six spam messages per day past even my filters, and on two occasions more than $10m worth of shares has changed hands.  The spam is all in the same familiar format, so I am confident that this is the same gang (and it is - see below).

30 September 2006.
        A company with the name "Bogue International". I can't find any reliable information about this company.

15 October 2006.
        A company with the name "Forest Resources Management".  Quite frankly, if the company description you get when you look this company up on Reuters doesn't put you off, then nothing I can do will prevent you losing your money.

21 October 2006.
        A company with the name "Quantum Energy Inc", which has been used in previous scams, but not forging my address before now.  They even appear to be spamming email addresses in China now.  Once again, the scams now seem to be on a truly enormous scale compared to those before.

25 October 2006.
        Recruiting runners for money laundering operations in Australia.

31 October 2006.
        Targetting "L International" again, and this time forging my address, thus confirming my guess that the same group were responsible.

8 November 2006.
        Targetting "Quantum Energy Inc" again.

12 November 2006.
        Targetting a company called "Chef Selections Inc.".  The spammers are getting lazy these days, simply promising a tenfold or twentyfold increase in share price for no reason whatever.

15 November 2006.
        Targetting "L International" yet again.  I see that the "forthcoming press release" promised in the previous scam relating to this company never materialised, so they were lying to you even about that.

19 November 2006.
        Targetting a company called "PRG Group Inc".  I can't figure out what this company claims to do. It has a website that is choc-full of meaningless buzzwords, and a few domain names, all of which are owned not by the company but by a private individual.  This company claims to be an IBM Business Partner and displays the logo, but IBM's website denies any such connection.

20 December 2006.
        Targetting a company called "Critical Care Inc."  This is, apparently, a Canadian company whose domain name is registered to someone who lives in New Mexico and who doesn't even have a company email address.  A quick web search reveals that in the past three years this company has changed its name and area of business no fewer than three times, all with the same CEO.

28 December 2006.
        Targetting a company called "Wild Brush Energy".  Now ask yourself - why would a "business to business" company have such a pretty website, that shows the company's share price and harvests email addresses, yet doesn't manage to publish the street address of the company's head office?  This company has changed its name five times in its history, and its CEO appears to somehow be able to find the time to hold the same post in more than one company!  Of course it could all be above board; I'm just suggesting some questions that you should ask yourself.  As for the spam, well it ended up with the same "five day price target" for over two weeks without ever approaching it....

There have been four of five scams using similarly formatted spam emails over the Christmas break.  That two of them came from the crooks impersonating me gives me some confidence that they all did, but my rule is that I only post here if there's no doubt.

8 January 2007.
        Targetting "L International" again.  I've now seen more than two quarters worth of press releases from this company without so much as a whiff of results.  Perhaps you should ask yourself why such a normally effusive press department is so coy about actual results.

23 January 2007.
        Targetting a company called "The Motion Picture Group".

22 February 2007.
        Targetting a company called "China Fruits Corporation". I think they have been targetting this company for a while, but this is the first time I have seen them forge my address.

24 May 2007.
        Targetting a company called "Tyche Energy" on the Frankfurt Stock Exchange.  This is significant because this proves that this is the same group of scammers who in March sent me spam offering their services for a fee of 10% of the share turnover resulting from their criminal activity.  Which of course I immedaitely reported to both the SEC and the German regulator Bafin.  This mistake of theirs, to continue sending spam impersonating me, provides a firm link between both sets of scams.  It also provides extra evidence supporting the idea that previous criminal activity in Germany (selling counterfeit goods, see above) was also undertaken by the same group.

25 May 2007.
        Targetting a company called "Mobile Email US", again on the Franfurt Stock Exchange.  Maybe I'm seeing patterns that aren't there, but judging by the volume of bounced spam I received for this one, I suspect that I may have experienced an attempt at a mail denial of service attack.  I guess that means I'm doing something right!

2 August 2007.
        Targetting a company called "Exchange Mobile Telecommunications" by means of attached PDF files.  There was a previous attack not forging my address on 29 July; I notified the SEC and informed the company.  Perhaps the fact that they are now forging my address is connected to this.

10 October 2007.
        Targetting "Mobile Email US" again.