Sponsored by..

Thursday 9 October 2014

Spam: Confederation MineraIs / Confederation Minerals (CNRMF) pump-and-dump

This high-volume pump-and-dump spam run is promoting the Confederation Minerals (CNRMF) stock, although the spam itself intentionally mis-spells it as Confederation MineraIs with a capital "I" replacing the lowercase "l".

From:     TheStreet  
Date:     9 October 2014 12:29
Subject:     The Stocktip Of The Year

 You've been patient for a while now and finally it's time.

Confederation MineraIs (CNRMF) is on the verge of exploding.

Thats because they have hundreds ofmillions of precious metals on their property and they are weeks away from beginning to dig it out and selling it up the distribution chain.

It is trading at such a bargain right now that CNRMF is a no-brainer.

Snap up as many shares of it as you can today before it goes up too high.

Everyone is certain that we will see it hit past 40cents before month's end.

63 South Main Street, Newtown CT 06470

The  TheStreet, Inc. Press | Customer Service | Privacy Policy

You received this message because you are a  TheStreet, Inc. customer or have registered at  TheStreet.com.
This email was sent to you by The  TheStreet, Inc.. Click here to update your email preferences.

We can see clearly from the Yahoo! Finance page that CNRMF is a disaster area. The stock has slumped from $1.33 in April 2011 to $0.06 today.

Usually the shares are very thinly traded with either zero trades or trades in the low thousands on most days (average trades are about 2000 per day or $120 at today's prices) . The reason for the poor share price is apparent when you look at the financials. As with several other stocks promoted through spam (especially mining stocks) there is zero income and only a bunch of expenditure.

The spam argues that this is going to be OK because CNRMF are sitting on an enormous pile of precious metals which they are shortly going to be selling off. Of course if they were actually sitting on a goldmine then the smart thing to do would be hold onto the stocks until the money comes in. In reality, the chances of this happening are approximately zero.

There doesn't seem to be a particular pattern of stock buying going on, which indicates perhaps that the pump and dump spam is being arranged by some existing stockholder trying to cash out.

Only a fool would invest in CNRMF in response to this sort of spam message. Avoid.

UPDATE 2014-10-10: a second version is now being spammed out..

From:     Thanh Ford
Date:     10 October 2014 15:50
Subject:     Sorry for my late reply

Hi [redacted],

I got your voicemail yesterday about the stock tip you want, sorry I couldnt pick up the phone I was on with the wife you know how she is but please next time don't call the house line, I would prefer if you come in to my office instead. In person is always better. Anyway your timing is impeccable you are very lucky. There's this insane little company (confederation minerals) that was exchanging hands for like a dollar and a half last year and now you can grab it for around 10 cents. These guys are sitting on gold, literaly. They have proven reserves worth a few hundred mill and theyre about to begin digging out the stuff in a few months.

You better bet the stokc is gonna go nuts in the coming weeks when they make the drilling announcement. Take care and if you need anything else give me a shout. The stokc is CNRMF and if I were you id grab as many shares as I can, everyone at the office thinks this one is gonna go up at least 5x soon.


15 comments:

Unknown said...

Thanks for the heads up. Not sure how they even found my work email but it happened to be at the perfect time because I'm doing research on what stocks to invest in. I've been keeping an eye on QFOR for a while now.

TomR said...

Hi,

Do you have any idea how to find the originator of this spam? They're actually forging my e-mail address in their outgoing spam--I'm getting bouncebacks from the deliverable messages they sent out.

Thanks!

Harelin said...

Tom, I'm in the same boat. I found this blog by investigating the bounce emails I received this morning.

Amazing2 said...

Same her folks. My domain name is being used by these low lifes. Ughh.

ShringTech said...

For those of you that are asking about the "forging of the from address" ... this is not forging as it didnt come from your server. My company hosts email for thousands of companies and its a question that my helpdesk gets asked all the time.

All that is happening is that they are replacing the random FROM to the recipients email address. It has NO impact on your personal/work email. The likelyhood of them knowing you have anything to do with or interested in CNRMF is zero.

Sorry to tell you but these emails do not come from a formal email server but usually an infected machine somewhere so that you cannot trace them.

Welcome to the horrible world of spam.

RG

ShringTech said...

A few corrections ...

For those of you that are asking about the "forging of the from address" ... this is not forging as you know it. It didnt come from your email server obviously. My company hosts email for thousands of companies and its a question that my helpdesk gets asked all the time.

All that is happening is that they are replacing the random FROM to the recipients email address ... in this case ... yours. It has NO impact on your personal/work email. The likelyhood of them knowing you have anything to do with or interested in CNRMF is zero.You as well as millions of others got the same email. However folks like us are the ones who thay are targeting thinking that we will support the pumpndump scam. Unfortunatly many do.

Sorry to tell you but these emails do not come from a formal email server but usually an infected machine somewhere so that you cannot trace them.

Welcome to the horrible world of spam.

I would encourage you to NEVER invest or even consider a stock suggestion sent to you via email unless it is from someone you know such as your broker, cpa, etc. These never go well and will always cost you in the end.

RG

Brisvegas said...

Great analysis!
A question: does anyone know if these pump and dump scams actually work? Ie is there a history of stock prices rising considerably, even if only for a short period of time, after these scams are released?

Conrad Longmore said...

@Brisvegas I read some time ago some research (no link, sorry) that basically said "no".. it isn't possible to make money because by the time most investors would try to exploit it, the stock is already priced at much more than it is actually worth, after which the price tends to drop quite quickly.

In some cases (not all) the price goes up BEFORE the pump-and-dump because one of the interested parties moves in with a stock buy before starting the spam run.

But the important thing to realise about these thinly traded stocks is the the share price can be completely illusory. That is of course true of *all* stocks to a certain extent, but with these stocks it is easier to rig the game.

ChrisC said...

Yeah I'm getting it too. My email provider allows a *@mysubdomain.provider.com arrangement and they're using the sender's first part of their email address @mysubdomain.provider.com, so they bounce back to me.

They all seem to be coming from a single computer rather than a botnet. All messages have the following header:
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42])
by sloti34d2t07 (Cyrus git2.5+0-git-fastmail-9884) with LMTPA;

Somehow they're hiding the path they're sending out from, unfortunately...

I've put a rule in place to reject anything coming from sloti34d2t07. It doesn't stop the spammer but it stops my inbox getting clogged.

Email is so broken.

ChrisC said...

Oh and a final word of warning, don't complain to them on their website. I used a temporary, disposable email address (luckily) and had an instant spam email sent back, identical to the ones that were getting bounced.

TomR said...

@ShringTech

I agree with your second comment, they're just using my e-mail address (or, as @ChrisC notes, variations on it) from their own servers or botnets.

But I disagree that it doesn't have any impact on my e-mail. For one thing, bounce backs don't seem to get caught by my spam filter. I'm a small business owner, so can't ignore my e-mail, and getting a few dozen extra messages a day to look at and delete is disruptive. It also gets my e-mail address added to spam blacklists.

Really, my thought was that by using other people's e-mail addresses, they've crossed from spam to fraud, and we might have legal recourse beyond CAN-SPAM. Obviously, we have to find them first. The pump-n-dumps are bad, since there's no obvious way back to the beneficiary.

J Dougherty said...

I like the personality of the "author" of the email. I want to shake his hand and smack his wife.

Harelin said...

They appear to be coming from IP addresses in random countries - Vietnam, Colombia and Spain being the sources of the first three I checked. I too run a small business and this is the first time I have experienced someone spoofing my domain. It is very frustrating, but I suspect all we can do now is filter the incessant bounce notifications, and/or stop using a catch-all email address with our domains.

ShringTech said...

@TomR

Yes .. I used a bad choice of words there. What I was trying to convey is that it doesn't have any impact on your ability to send/receive nor is it seen by anyone else. Emails are not going to others as tomr@yourdomain.com.

I completely understand the SBS aspect. I too am a SBS who just happens to be a tech firm but have the same level of criticality to my email as any business owner. Hence why I even posted a response ... as this is my field of business. Educate.

Agreed that IF they were representing themselves as you ... then that line has been crossed and is actionable if you can get any judicial individual to give you the time of day on this topic. In my experience, it is highly unlikely, unless money has changed hands somehow. We've had the "fortunate" opportunity of working with local, state and federal agencies on various issues as we do quite a bit of forensics works for our customers. Its just crazy that you can get little attention until money is involved and then you get everyone's attention whether you want it or not.

Be clear ... what is generating these emails is a script (usually javascript) running on infected pc's or websites without the owner knowing it. This is why ChrisC is seeing them from different ip's and most likely different countries. This process is what is behind 95% of the spam we all receive. Approx a million inbound emails pass through out platform a month of which less than 300k are legit. Just ridiculous.

Just recently had one of our own customer's websites (old not updated code) be compromised with one of these scripts and that single site was generating (or trying to) tens of thousands of emails per hour.The recipient list was coming from another script running on a server overseas which was being fed be a 3rd server elsewhere. Just crazy what they go through to send this crap however if you look at it from spammers point of view ... they send 1 million emails and just assume less than 1% fall for it ... your still talking big numbers that conceptually could affect a stock price.

ChrisC said...

@ShringTech, actually I believe they're coming from a single computer rather than a botnet. Every email I received had an internal IP address with a common mail program (Cyrus) and the same identifer (sloti34d2t07). Since I put a rule in to discard emails with that ID in the header all my false bounce messages have ceased.

I also noticed that the company itself has put out a press release saying they're not spammers. Which is funny since the "contact us" form seems to result in instantaneous spam.