https://krebsonsecurity.com/2025/08/mobile-phishers-target-brokerage-accounts-in-ramp-and-dump-cashout-scheme

Cybercriminal groups specializing in mobile phishing attacks have shifted their focus to targeting customers of major brokerage platforms, implementing a sophisticated “ramp and dump” scheme that manipulates foreign stock prices using multiple compromised trading accounts. Security researchers have tracked this evolution to a thriving Chinese-language community operating openly on Telegram, where advanced phishing kits specifically designed for brokerage account compromise are actively sold and distributed to criminal networks worldwide.

The ramp and dump scheme is a modern evolution of traditional pump and dump fraud. It eliminates the need for social media promotion by using compromised brokerage accounts to artificially inflate stock prices through coordinated trading activity. Criminal operators pre-position themselves in targeted Chinese IPO or penny stocks using their own legitimate accounts, then use multiple victim accounts to purchase large volumes of the same securities. This drives up prices before the operators dump their holdings, leaving victims with worthless shares. The FBI began seeking information from victims of this scheme in February 2025, recognizing it as a significant threat to market integrity and individual investors.
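Seen from a brokerage's monitoring side, the coordinated buying described above leaves a recognizable trace: several accounts with no history in a low-priced security all buy it within a short span. The following is an added example, not taken from the original article; the order-record layout, tickers, account IDs and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _t(day, hhmm):
    return datetime.strptime(f"2025-08-{day:02d} {hhmm}", "%Y-%m-%d %H:%M")

# Constructed sample orders: (time, account, symbol, side, shares, price).
ORDERS = [
    (_t(4, "10:15"), "H1", "XYZQ", "BUY", 50000, 0.90),   # pre-positioned holder
    (_t(5, "09:31"), "A1", "XYZQ", "BUY", 8000, 1.10),
    (_t(5, "09:36"), "A2", "XYZQ", "BUY", 12000, 1.25),
    (_t(5, "09:44"), "A3", "XYZQ", "BUY", 9000, 1.50),
    (_t(5, "09:52"), "A4", "XYZQ", "BUY", 15000, 1.80),
    (_t(5, "09:55"), "H1", "XYZQ", "SELL", 50000, 1.85),  # sells into the ramp
    (_t(5, "09:00"), "C1", "LOWP", "BUY", 100, 2.00),     # cheap, but spread out
    (_t(5, "11:00"), "C2", "LOWP", "BUY", 100, 2.05),
    (_t(5, "14:00"), "C3", "LOWP", "BUY", 100, 2.02),
    (_t(5, "09:40"), "B1", "BIGC", "BUY", 10, 150.00),    # not a low-priced stock
    (_t(5, "09:41"), "B2", "BIGC", "BUY", 10, 150.10),
    (_t(5, "09:42"), "B3", "BIGC", "BUY", 10, 150.20),
]

def flag_coordinated_buys(orders, window=timedelta(minutes=30),
                          min_accounts=3, max_price=5.00):
    """Return {symbol: [accounts]} where at least min_accounts accounts made
    their first-ever trade in a low-priced symbol within one time window.
    All thresholds are illustrative assumptions, not values from the article."""
    seen = set()                      # (account, symbol) pairs already active
    first_buys = defaultdict(list)    # symbol -> [(time, account)], time-ordered
    for ts, acct, sym, side, _shares, price in sorted(orders):
        if side == "BUY" and (acct, sym) not in seen and price <= max_price:
            first_buys[sym].append((ts, acct))
        seen.add((acct, sym))

    alerts = defaultdict(set)
    for sym, buys in first_buys.items():
        start = 0
        for end in range(len(buys)):
            # Slide the window start forward until it spans at most `window`.
            while buys[end][0] - buys[start][0] > window:
                start += 1
            accounts = {acct for _, acct in buys[start:end + 1]}
            if len(accounts) >= min_accounts:
                alerts[sym] |= accounts
    return {sym: sorted(accts) for sym, accts in alerts.items()}

if __name__ == "__main__":
    print(flag_coordinated_buys(ORDERS))
```

A hit here is only a triage signal; the flagged accounts would still need correlating with recent login, device and MFA events before concluding they were taken over.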

The phishing infrastructure supporting these schemes has rapidly matured from simple USPS and toll road spoofing campaigns between 2022 and 2024 to sophisticated brokerage-specific templates that exploit SMS-based multi-factor authentication weaknesses. The criminal group behind this operation, led by a vendor known as “Outsider” (previously “Chenlun”), uses Apple iMessage and Google RCS services to send phishing messages impersonating major brokerages like Schwab, warning recipients of account suspensions and directing them to credential harvesting sites. Financial institutions have strengthened mobile wallet authentication requirements following earlier attacks, and the shift to brokerage targeting demonstrates how cybercriminals adapt their tactics when existing attack vectors become less profitable. They are also leveraging artificial intelligence and large language models to accelerate their development cycles and lower barriers to entry for new operators.