Sophos identifies the most prevalent spam categories of 2005

Sophos Press Release

Stock scams on the rise as usual suspects remain on top

Sophos, a world leader in protecting businesses against viruses, spyware and spam, has revealed the results of its research into the most prominent spam categories during the first six months of 2005. According to Sophos, while emails advertizing medicines and low-interest loans continue to irritate computer users and congest corporate networks, dangerous new categories of spam are growing in prevalence.

The research, compiled by SophosLabs, Sophos's global network of virus and spam analysis centers, shows that the volume of company stock scams - sometimes known as 'pump-and-dump' schemes - have increased at an average rate of 10% each month this year, eventually accounting for 8.5% of all spam traffic by the end of June 2005. Unsolicited emails offering pills or medications, including generic or non-brand name versions of Viagra and other pharmaceuticals, accounted for more than 40% of the total.

The top five spam categories spanning from January 2005 to June 2005 are as follows:

Position Spam category Percentage of reports
1. Medication/pills 41.4%
2. Mortgage 11.1%
3. Adult content 9.5%
4. Stock scams 8.5%
5. Product 8.3%
Other 21.2%

"Over the last six months, the usual suspects - medication and mortgages - have remained at the top of the spam charts, but the increasing prevalence of stock scam spam represents a worrying new financial threat," said Graham Cluley, senior technology consultant at Sophos. "The spammers aim to quickly and cheaply circulate false information about a company's stock via email, often combining it with snippets taken from genuine press releases to lure potential investors."

Stock scam campaigns tend to run for short durations, keeping overall volumes low. Even though some of the information provided may be accurate, the deceptive and unsolicited nature of the messages qualifies them as spam.

"Using companies with limited assets, these charlatans stop advertising the stock once they've disposed of their shares, often causing the price to fall and meaning that investors ultimately lose their cash," added Cluley.

The majority of these campaigns employ obfuscation techniques, using word variations such as 'st0ck' or 'stox' to avoid being caught by spam filters. Messages can arrive in many different formats, such as HTML or plain text, and are almost always sent via hijacked 'zombie' PCs.

"Social engineering through email, where scam artists take advantage of unsophisticated computer users, is on the rise and represents a dangerous trend," said Brian Burke, IDC Research Manager. "Stock scams, combined with traditional phishing techniques, can result in significant financial loss for victims of these swindles."

Sophos recommends that the most effective way for businesses to reduce spam and other threats is to adopt a multi-layered defense as well as implement a best practice policy regarding email account usage. Users can also learn how to best minimize the influx of unwanted email by following a few simple guidelines.

Graphics of the above top five-category chart can be downloaded here:

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at