Since I haven't had a computer-related post for a while, I thought I'd do one. This one's prompted by a question from a colleague during a conversation yesterday (actually, she's partly responsible for funding the antispam work we're doing, so I should make sure to give a good answer).
"I have a question," said my colleague. "Lately I've been getting a lot of email messages telling me that I should buy certain stocks. What's that all about, and why aren't the spam filters catching them?"
Phony stock tips have been around for a long time, well before they migrated to email, and what it's about is that people figured out that if they can buy some stock today, then generate massive trading volume on that stock tomorrow, the price will go up briefly before it goes down. They can sell it during that brief "up" period and make money on it, and they can generate the massive trading volume with a big spam run touting the stock. That last part is what email has added to the scheme (which is called a "pump and dump" scheme, consistent with the aesthetic appeal of rhyming or alliteration).
It's not a new scheme in general, as I said, and it's not new to email, either; I have to assume that my colleague just happened not to be on those spam lists until recently. Obvious skepticism comes up, of course: "Surely no one would believe these things!" No, of course they wouldn't. Would you believe a stock tip that you got in a spam message? You'd have to be an idiot.
Sadly, though, there are a great many idiots around. That it works (and, therefore, that people do believe them and buy the stocks) is shown by the longevity of the scheme. But don't just believe that. The New York Times reports on a study of the scheme that found hard evidence of its effectiveness at briefly pushing up the stock's value:
Sure enough, the professors found a distinct price pattern in the touted stocks. It pointed unambiguously to spammers buying stock before the days when they sent their messages and selling as those messages were received. On average, a touted stock gained 4.6 percent more than comparable issues on the trading day just before the spam’s peak volume day. On the peak volume day itself — when the professors believe that the spammers sell the bulk of their shares — the stock’s price stayed more or less even. But one trading day later, the return was 5.9 percent lower than that of comparable issues. The professors concluded that unscrupulous traders were able to turn a tidy profit by buying shares before sending their spam and then selling as investors started acting on the spam’s advice. In contrast, investors who bought shares realized a sizable loss.
My colleague was surprised to see that this is pervasive enough to make it to the NY Times; in fact, according to the article:
Based on industry data, the professors estimate that as many as 100 million stock-touting junk messages are sent around the world in an average week, accounting for as much as 10 percent of all Internet e-mail traffic.
Maybe some of those who buy the stock actually know what's going on, but think that they can join the scammers in capitalizing on the price bump. But that's unlikely — you'd have to be one of the first to buy the stock, before the price starts to rise, and you'd have to dump it at just the right time. It's possible, but you probably wouldn't get it right. No, the only ones to profit are the ones pumping the stock (and even for them there's some risk)
What about the other part of the question, about why we're not blocking them? Well, in fact, some of our experimental filters are doing better at blocking them than the production ones are, but there really are a few factors that make these harder than other kinds of spam to catch. The ones that over-hype things are easier; "Super hot stock tip!" will probably wind up in the dustbin. But the more they can make them look like mail from your broker, the harder they are for the content filters to distinguish. And if they're sent from zombies, block lists won't do very well either.
This is where filter personalization can help, though that requires individual training. If you don't communicate with stock brokers or financial advisers online, a system that learns individual preferences can be taught that even the messages that look like legitimate mail from your broker are spam. Short of that, some of these will get through. That's why there's a "delete" key.