Once the attacker has
gained this information, the criminal uses the individual??™s identity to transfer money
from personal accounts, manipulate online auction sites, and perform widespread financial
identity theft.
A recent innovation in online fraud has been the combination of modern intrusion
techniques, such as malware infection and botnets, with the age-old scam known as stock
pumping. This technique relies on the ability of a small number of investors to affect the
price of ultra-cheap and low-volume securities, such as stocks listed as pink sheets. For
as long as stock markets have existed, fraudsters have attempted to make their fortunes
in this manner, generally by hyping fabricated positive news for the company through
flyers, word-of-mouth, and direct phone calls from organizations known as ???Boiler
Rooms.??? The success of spammers in the late 1990s and early 2000s in selling counterfeit
pharmaceuticals and luring individuals into classic confidence scams led to stock
pumpers adopting the same advertising techniques. Traditionally, an individual would
be affected by this scam only if he fell for the deceptive online message posting or spam
e-mail.
With a cross-domain vulnerability in an online stock broker, stock pumpers can forgo
the difficult step of convincing an individual to buy a stock, and can go straight to the
source of authority as far as the online broker is concerned??”the user??™s web browser.
Pages:
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267