Dump the Pump and Dumps
Here we are, well on our way into the 21st century; the human race has been around for at least 5767 years, as of last weekend; and we've been working with e-mail, Internet, and spam for over a decade already. With those credentials, you'd think people would know better.
It's a scam, of course; all part of 'pump and dump' schemes, where spammers buy stock in companies that exist mainly on paper and are traded on unsupervised exchanges, and then dump the shares on those who respond to their spam. It must be working, because in the past few months, stock spam has begun edging out fat pills or 'v1agra' messages in my inbox!
That's right, helpless. You can't blacklist particular e-mail addresses, because they use different ones each time; ditto for the domains these messages come from, which don't even seem to exist; keywords don't work, because many of these messages have no words at all; and it doesn't do any good to filter out messages with html images or attachments, because there aren't any!
These sneaky spammers have hit upon a novel way to make sure there messages get through; inserting a .png image into a line of text, with the actual spam message in the picture! You might have noticed that some of these messages start out with what looks like a newspaper article or the contents of a romance novel - but most come with no actual text at all, the better to evade any text-based spam filters altogether. The image is inserted as part of the empty body of text - just like you would insert, say, a table into a text document in Word. And although you are getting an image, it's not the standard HTML images that most e-mail programs filter out. The image, in this case, is the pump and dump shpiel about how you can get in on the ground floor and make out like a bandit by following investment advice from an anonymous, malicious source!
Spammers who send this stuff are taking a chance, because the 'links' in them - whether URLs or e-mail addresses - cannot be clicked on, so they must be expecting recipients to actually type in, or at least copy and paste, the links into their browsers. Maybe that's why the penny stock people have focused in on this spam method - if you're going to make people do extra work, you have to promise them a reward.