Phishing Attacks Target Brokerage Accounts to Manipulate Stock Prices

Professional phishing groups are targeting customers of brokerage firms in order to manipulate stock prices, KrebsOnSecurity reports. The attackers use a technique called “ramp and dump” to profit from the scheme.

“With ramp and dump, the scammers do not need to rely on ginning up interest in the targeted stock on social media,” Krebs explains. “Rather, they will preposition themselves in the stock that they wish to inflate, using compromised accounts to purchase large volumes of it and then dumping the shares after the stock price reaches a certain value.”

Krebs says the phishing lures “are sent via Apple’s iMessage and Google’s RCS service and spoof one of the major brokerage platforms, warning that the account has been suspended for suspicious activity and that recipients should log in and verify some information. The missives include a link to a phishing page that collects the customer’s username and password, and then asks the user to enter a one-time code that will arrive via SMS.”

Ford Merrill, a security researcher at SecAlliance, told Krebs that China-based criminal groups are using advanced phishing kits to target Schwab clients, though the phishing kits could easily be updated to target other brokerages. Notably, the kits are designed to bypass multifactor authentication.

“They’ll use all these victim brokerage accounts, and if needed they’ll liquidate the account’s current positions, and will preposition themselves in that instrument in some account they control, and then sell everything when the price goes up,” Merrill told Krebs. “The victim will be left with worthless shares of that equity in their account, and the brokerage may not be happy either.”

KrebsOnSecurity has the story.




