Cybercriminals Target Brokerage Accounts with Sophisticated “Ramp and Dump” Schemes

Introduction

Cybercriminal activity is rapidly evolving, shifting from simple mobile wallet theft to highly complex attacks on brokerage accounts. These new schemes are no longer just about stealing funds—they manipulate stock markets and exploit advanced phishing tactics to maximize profit. Recent research highlights how attackers are leveraging compromised trading accounts to artificially inflate stock prices before cashing out, leaving unsuspecting investors with devastating losses.

The Rise of Brokerage Account Attacks

Cybercriminal groups, primarily operating in Chinese-language environments, have moved far beyond traditional mobile wallet theft. Between 2022 and 2024, early phishing campaigns focused on postal services and toll road operators, using SMS messages to capture payment card details. These details were then added to Apple and Google mobile wallets through one-time authentication codes.

Security researcher Ford Merrill from SecAlliance notes that attackers now orchestrate complex operations targeting brokerage accounts. The criminals often liquidate a victim’s existing positions, pre-position themselves in the same instruments using accounts they control, and then sell everything once the stock price rises artificially. By coordinating purchases across multiple compromised accounts, especially with Chinese IPOs and penny stocks, attackers can generate price surges and then “dump” shares for massive profits.
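For defenders, the pattern described above (existing holdings sold off, then several accounts converging on one low-priced instrument) can be expressed as a correlation rule. The sketch below is an added example, not code from the research or from any brokerage; the event format, thresholds, account names and tickers are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed correlation window
PENNY_MAX = 5.00                # assumed price ceiling for a "penny stock" (USD)
MIN_ACCOUNTS = 3                # assumed number of converging accounts worth an alert
t = lambda hh, mm: datetime(2025, 1, 6, hh, mm)  # constructed trading day
# Constructed sample events, not real data: (time, account, side, ticker, price)
EVENTS = [
    (t(9, 31), "acct-A", "SELL", "LARGE1", 182.10),
    (t(9, 33), "acct-A", "BUY", "PNY1", 1.20),
    (t(9, 35), "acct-B", "SELL", "ETF1", 410.00),
    (t(9, 36), "acct-B", "BUY", "PNY1", 1.31),
    (t(9, 40), "acct-C", "SELL", "LARGE2", 95.40),
    (t(9, 44), "acct-C", "BUY", "PNY1", 1.55),
    (t(9, 45), "acct-D", "SELL", "LARGE1", 182.00),  # rebalancing into a large cap
    (t(9, 50), "acct-D", "BUY", "LARGE2", 95.60),
    (t(9, 52), "acct-E", "BUY", "PNY1", 1.70),       # buy with no prior liquidation
    (t(9, 0), "acct-F", "SELL", "ETF1", 409.00),
    (t(11, 30), "acct-F", "BUY", "PNY1", 1.10),      # sell and buy too far apart
]

def liquidate_then_buy(events):
    """Map (account, ticker) -> buy time where a sale of another holding preceded a penny-stock buy within WINDOW."""
    last_sell, hits = {}, {}
    for ts, acct, side, ticker, price in sorted(events):
        if side == "SELL":
            last_sell[acct] = (ts, ticker)
        elif side == "BUY" and price <= PENNY_MAX and acct in last_sell:
            sold_at, sold = last_sell[acct]
            if sold != ticker and ts - sold_at <= WINDOW:
                hits.setdefault((acct, ticker), ts)
    return hits

def ramp_clusters(events):
    """Return {ticker: [accounts]} where MIN_ACCOUNTS or more flagged accounts bought within WINDOW of each other."""
    by_ticker = defaultdict(list)
    for (acct, ticker), ts in liquidate_then_buy(events).items():
        by_ticker[ticker].append((ts, acct))
    alerts = defaultdict(set)
    for ticker, buys in by_ticker.items():
        start, buys = 0, sorted(buys)
        for end in range(len(buys)):
            while buys[end][0] - buys[start][0] > WINDOW:
                start += 1  # slide the window forward
            accts = {a for _, a in buys[start:end + 1]}
            if len(accts) >= MIN_ACCOUNTS:
                alerts[ticker] |= accts
    return {ticker: sorted(accts) for ticker, accts in alerts.items()}
```

A single flagged account is weak evidence on its own; the signal is the cluster, which is why the rule only alerts once several accounts converge on the same ticker.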

Technical Exploitation Methods

At the heart of these schemes lies the exploitation of SMS-based two-factor authentication. Phishing messages, sent via Apple iMessage and Google RCS, often impersonate legitimate platforms such as Charles Schwab and warn victims of supposed account suspensions. Once users click the malicious links and enter their credentials, attackers also capture their one-time SMS codes, which gives them full access to the brokerage accounts.

A notable tool in this ecosystem is the phishing kit “Outsider,” previously known as Chenlun. Sold through Telegram channels, these kits allow attackers to create targeted campaigns for specific brokerages, with current templates focused on Schwab customers but easily adapted for other financial institutions.

Industry Response and the Perfect Crime

Brokerages like Schwab are aware of these tactics and have issued warnings to clients while monitoring for suspicious activity. However, even with multiple authentication measures, sophisticated phishing attacks remain a serious vulnerability.

Merrill describes this method as ingenious due to its complexity: criminals can buy stocks on Chinese exchanges using legitimate accounts while manipulating US-based compromised accounts, making it extremely difficult to trace the connection between victims and perpetrators. Artificial intelligence plays a key role, with cybercriminals using large language models to develop and translate attacks, lowering the barrier to entry and accelerating scheme sophistication.

The FBI issued victim information requests in early 2025, underscoring the significant risk to investors who face catastrophic losses from sudden collapses in stock prices triggered by these manipulations.

What Undercode Say:

The evolution of cybercrime in the financial sector signals a worrying trend for global markets. Attackers have moved from straightforward theft to orchestrated manipulation that exploits systemic vulnerabilities. The combination of SMS-based phishing, compromised accounts, and AI-assisted planning creates a multifaceted threat that traditional security measures struggle to counter.

These schemes highlight the importance of financial literacy and proactive cybersecurity measures for investors. Users must remain vigilant, recognizing phishing attempts and employing multi-layered security tools beyond SMS-based two-factor authentication. Meanwhile, brokerages must invest in more robust detection mechanisms that can track unusual trading patterns in real time.

The emergence of kits like “Outsider” demonstrates the industrialization of phishing. With ready-made templates and the ability to adapt campaigns for multiple brokerages, attackers can rapidly expand operations and target a global pool of investors. Furthermore, AI integration accelerates translation and campaign planning, enabling cybercriminals to operate efficiently across different markets and languages.

Regulatory bodies also face challenges, as tracking cross-border trading manipulations is complex. Investors in vulnerable stock categories—particularly penny stocks and emerging market IPOs—are at heightened risk. The rapid pace of these attacks, combined with the obfuscation tactics used, creates a near-perfect environment for large-scale financial crime.

Ultimately, these developments highlight a critical need for cybersecurity awareness, cross-border cooperation, and advanced monitoring solutions. Investors, brokerages, and regulators must all adapt to mitigate the impact of these sophisticated ramp-and-dump operations before losses become irreversible.

🔍 Fact Checker Results:

✅ Attackers are exploiting SMS-based phishing to access brokerage accounts.
✅ Artificial intelligence is being used to enhance cybercriminal efficiency.
❌ There is no evidence that these attacks have affected all major brokerages globally yet.

📊 Prediction:

The sophistication of ramp-and-dump schemes will likely increase, with AI-driven tools making attacks faster and harder to detect. Investors may see more frequent and sudden market manipulations, particularly in smaller, less regulated stocks. Brokerages that fail to upgrade security protocols risk becoming primary targets, and regulatory frameworks may need urgent updates to address these new forms of financial cybercrime.

References:

Reported By: cyberpress.org