STOCK SCAMS A GROWING THREAT

Here we are, well on our way into the 21st century. The human race has been around for at least 5,767 years as of last weekend (the Jewish New Year), and we've been working with e-mail, Internet and spam for over a decade already. With those credentials, you'd think people would know better.

Well, we do know better – but some people never learn. The proof? Many people are following the advice offered in the flood of stock-scam spam that has hit the Internet in recent months, leaving virtually no computer immune.

I'm sure that some To The Pointers are among them.

According to a recent study by Internet researchers at Harvard and Purdue Universities, the prices of "penny stocks" being touted in mass mailings to suckers actually rose significantly after a batch of messages were sent – as if recipients were rushing to their online brokers to buy the likes of Cyberhand Tech and  ThermaFreeze Products in the hope that they could double their money.

Well, the come-ons are certainly appealing: "Big Announcement Monday morning is going to make this stock explode!" It's a scam, of course; all part of "pump and dump" schemes, where scammers buy stock in companies that exist mainly on paper and are traded on unsupervised exchanges, and then dump the shares on those who respond to their spam.

It must be working, because in the past few months stock spam has begun edging out fat pills and Viagra messages in my inbox!

But I'll leave pump-and-dump investigations to the money guys; I'm much more concerned about the fact that stock spam manages time and again to get past my e-mail filters, rendering them nearly helpless against this new plague.

That's right, helpless. You can't blacklist particular e-mail addresses, because they use different ones each time; ditto for the domains these messages come from, which don't even seem to exist. Keywords don't work, because many of these messages have no words at all, and it doesn't do any good to filter out messages with HTML images or attachments, because there aren't any!

These sneaky spammers have hit upon a novel way to make sure their messages get through: inserting a .png (a graphics format) image into a line of text, with the actual spam message in the picture!

You might have noticed that some of these messages start out with what looks like a newspaper article or the contents of a romance novel – but most come with no actual text at all, the better to evade altogether any text-based spam filters.

The image is inserted as part of the empty body of text, just as you would insert, say, a table into a text document in Word. And although you are getting an image, it's not the standard HTML image that most e-mail programs filter out.

The image in this case is the pump-and-dump spiel about how you can get in on the ground floor and make out like a bandit by following investment advice from an malicious anonymous source!

In other words, although it looks as if you're reading a text message, you aren't. Check out the headers in these messages and you'll see that instead of the usual "Text/HTML" content type, these messages use another content type, called "multipart/alternative," which many POP mail programs can't filter out on their own.

Spammers who send this stuff are taking a chance, because the "links" in them – whether URLs or e-mail addresses – cannot be clicked on, so they must be expecting recipients to actually type, or at least copy and paste, the links into their browsers. Maybe that's why the penny stock people have focused on this spam method – if you're going to make people do extra work, you have to promise them a reward.

But of course, the fact that you're reading this column means you're too smart to fall for these schemes.

Why put up with these messages if they're not going to make you any money anyway? If you have a Gmail account, you're in luck, because it looks as if the Gmail people have figured out how to deal with this nuisance; whereas a few months ago these messages were getting into my Gmail inbox, in the past couple of weeks they are going directly into the spam folder.

If you're using Outlook Express, you'll need a separate spam filter program (try MailWasher, although you may have to manually set up a filter for multipart/alternative content; Thunderbird has a built-in filter you can easily set up from within the program.

And just in case you are tempted to send some money to the penny stock people, check this out – this guy's lost $50,000 of virtual money already.

The best way to deal with these messages? Run your own "pump and dump" scheme. When they try to pump their penny stocks, just dump their e-mail into the trash with your newfound filters!

Dennis Turner