Page 2 of 2

"It's not difficult to create the flyers; you rip the content from professional marketing campaigns and change the details to match the share you're selling," he said. "The better versions have faded text designed to be difficult to see with a naked eye, but is enough to fool some conventional spam software."

Sophoslabs reported several examples of the spam campaign which used a small cosmetics company and an e-mail string telling users to sell particular shares rather than buy - most recently in a company called Digital Learning Corporation.

Sophoslabs' senior technology consultant Graham Cluley said the same degree of caution used when opening unsolicited e-mail attachments or supplying personal details should also be applied to any purchase or response based on unverified stock advice.

"People should think twice about why someone they've never heard from before might be telling them which shares to buy," Cluley said.

Ducklin recommends a "don't try, don't buy and don't reply" method and said this should be applied to any e-mail that requests credit details, identification or investment.

"The 'don't try' is particularly important - users feel comfortable because they are buying from the market, not the scammers," he said. "We used to say [the campaigns] are almost too good be true; now we say they are simply false."

For more enterprise computing news, visit Computerworld online. Story copyright © 2006 Computerworld, Inc. All rights reserved.

---