Ramp and Dump: Brokerage Attacks Surge Fivefold with Sophisticated Scams
Against the backdrop of escalating digital threats, cybersecurity experts have turned their attention to a sharp rise in attacks on brokerage platforms. According to a recent analysis by Fortra, the number of such incidents in the second quarter of 2025 increased more than fivefold compared to the same period last year. The trend has remained consistent since early 2024, with a threefold surge between the first and second quarters of 2025 alone.
At the core of these attacks lies social engineering, primarily through malicious text messages. Cybercriminals distribute SMS alerts impersonating major brokerage firms, urging recipients to follow fraudulent links and submit their login credentials. In most cases, the phishing kits employed are capable of stealing not only usernames and passwords but also one-time authentication codes.
Once the victim’s account is compromised, the attackers employ a “ramp and dump” scheme—liquidating existing assets, transferring funds into illiquid securities, artificially inflating their value through mass purchases, then selling at a profit and swiftly cashing out via mobile wallets. This strategy leaves minimal forensic traces, making it particularly insidious.
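The sequence described above can be watched for on the brokerage side. The following is an added example, not code from Fortra's report: a detection heuristic over a constructed account event log that flags a new-device login followed by bulk liquidation and a purchase of a thinly traded security. The event fields, thresholds, account IDs, and tickers are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Thresholds are illustrative assumptions, not values from the Fortra report.
WINDOW = timedelta(hours=2)   # max delay from new-device login to the buy
LIQUIDATED_SHARE = 0.8        # fraction of portfolio value sold off first
ILLIQUID_ADV = 50_000         # average daily volume below this = illiquid

def flag_ramp_and_dump(events, portfolio_value, avg_daily_volume):
    """Flag: new-device login -> bulk liquidation -> buy of an illiquid ticker."""
    alerts, state = [], {}    # state: account -> login time and value sold
    for ev in sorted(events, key=lambda e: e["ts"]):
        acct, kind = ev["account"], ev["type"]
        if kind == "login":
            if ev["new_device"]:
                state[acct] = {"login": ev["ts"], "sold": 0.0}
            continue
        st = state.get(acct)
        if st is None or ev["ts"] - st["login"] > WINDOW:
            state.pop(acct, None)   # not tracked, or the window has expired
            continue
        if kind == "sell":
            st["sold"] += ev["value"]
        elif kind == "buy":
            bulk = st["sold"] >= LIQUIDATED_SHARE * portfolio_value[acct]
            # Tickers with no volume data are treated as illiquid.
            illiquid = avg_daily_volume.get(ev["ticker"], 0) < ILLIQUID_ADV
            if bulk and illiquid:
                minutes = int((ev["ts"] - st["login"]).total_seconds() // 60)
                alerts.append({"account": acct, "ticker": ev["ticker"],
                               "minutes_after_login": minutes})
                state.pop(acct)
    return alerts

def _t(hhmm):
    return datetime.strptime("2025-06-02 " + hhmm, "%Y-%m-%d %H:%M")
# Constructed sample data: accounts, tickers and values are made up.
SAMPLE_EVENTS = [
    {"account": "A-1001", "ts": _t("09:00"), "type": "login", "new_device": True},
    {"account": "A-1001", "ts": _t("09:05"), "type": "sell", "ticker": "AAA", "value": 9000.0},
    {"account": "A-1001", "ts": _t("09:07"), "type": "sell", "ticker": "BBB", "value": 8000.0},
    {"account": "A-1001", "ts": _t("09:15"), "type": "buy", "ticker": "ZZQX", "value": 16500.0},
    {"account": "A-2002", "ts": _t("10:00"), "type": "login", "new_device": False},
    {"account": "A-2002", "ts": _t("10:06"), "type": "buy", "ticker": "ZZQX", "value": 5000.0},
    {"account": "A-3003", "ts": _t("11:00"), "type": "login", "new_device": True},
    {"account": "A-3003", "ts": _t("11:10"), "type": "sell", "ticker": "AAA", "value": 1000.0},
    {"account": "A-3003", "ts": _t("11:12"), "type": "buy", "ticker": "ZZQX", "value": 1000.0},
]
SAMPLE_PORTFOLIO = {"A-1001": 20000.0, "A-2002": 20000.0, "A-3003": 20000.0}
SAMPLE_ADV = {"AAA": 4_000_000, "BBB": 2_500_000, "ZZQX": 12_000}
if __name__ == "__main__":
    print(flag_ramp_and_dump(SAMPLE_EVENTS, SAMPLE_PORTFOLIO, SAMPLE_ADV))
```

Only account A-1001 is flagged: A-2002 logs in from a known device and A-3003 sells too small a share of its holdings to count as liquidation.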
The report’s authors highlight a strong connection between the identified tools and the Smishing Triad — a China-based Phishing-as-a-Service network previously focused on spoofing logistics companies. In this new wave, the group has shifted its operations toward the financial sector, exploiting hosting platforms such as Tencent Building, Cheapy, and Alibaba. Their counterfeit pages precisely mimic brokerage interfaces, making visual detection of the fraud exceedingly difficult.
Given the aggressive spread of these campaigns, Fortra emphasizes the importance of adopting not only digital but also physical authentication methods. The use of hardware-based two-factor authentication keys (U2F) can effectively block unauthorized logins, even if credentials are compromised. The report further stresses the need for international law enforcement cooperation, noting that without such collaboration, halting the global proliferation of these attacks will become increasingly difficult.