Spamvertised ‘YouTube Video Approved’ and ‘Twitter Support’ themed emails lead to pharmaceutical scams


Just like true marketers interested in improving the click-through rates of their campaigns, pharmaceutical scammers are constantly looking for new ways to attract traffic to their fraudulent sites.

From compromised web shells on web sites with high page rank and the impersonation of legitimate brands to the development of co-branding campaigns, pharmaceutical scammers persistently rotate their traffic acquisition tactics in an attempt to trick more end users into purchasing their counterfeit pharmaceutical items.

In this post, I’ll profile two currently spamvertised campaigns impersonating YouTube and Twitter, ultimately redirecting end users to pharmaceutical scams.

More details:

Screenshot of the ‘YouTube Video Approved’ themed email:

Screenshot of the ‘Twitter Support’ themed email:

Sample spamvertised URLs located on compromised domains: 

  • hxxp://cantaci.com/solitude.html
  • hxxp://lyonssystems.co.uk/plank.html

Spamvertised pharmaceutical scam site:

  • hxxp://medslevitraleiby.com – Email: peep@osmail.net

Both campaigns redirect users to pharmaceutical scam domains, such as medslevitraleiby.com, which currently responds to 91.212.124.152. In the past, it used to respond to the following IPs: 37.157.249.2; 91.212.124.152; 95.168.193.184; 171.25.190.224; 188.132.211.183; 194.28.50.113; 213.162.209.179.
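For defenders who want to check web proxy logs for this redirect chain, the following is an added example (not part of the original post) that flags clients requesting one of the spamvertised landing pages and then, shortly afterwards, the scam domain or one of the IPs listed above. The log format (`epoch client_ip dest_ip url`, sorted by time), the 60-second window, the function names and the sample log lines are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Indicators copied from the post (defanged there as hxxp://).
LANDING_URLS = ["hxxp://cantaci.com/solitude.html",
                "hxxp://lyonssystems.co.uk/plank.html"]
SCAM_DOMAIN = "medslevitraleiby.com"
SCAM_IPS = {"37.157.249.2", "91.212.124.152", "95.168.193.184",
            "171.25.190.224", "188.132.211.183", "194.28.50.113",
            "213.162.209.179"}

def refang(url):
    """Turn a defanged indicator back into a parseable URL."""
    return url.replace("hxxp", "http", 1).replace("[.]", ".")

def url_key(url):
    """Normalise to (host, path) so scheme, case and query are ignored."""
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path or "/"

LANDING_KEYS = {url_key(refang(u)) for u in LANDING_URLS}

def find_redirect_chains(log_lines, window=60):
    """Return (client, landing_url, scam_url) for landing -> scam hits in `window` s."""
    last_landing = {}   # client -> (timestamp, landing url)
    chains = []
    for line in log_lines:
        # Assumed log format, sorted by time: epoch client_ip dest_ip url
        ts, client, dest_ip, url = line.split()
        key = url_key(url)
        if key in LANDING_KEYS:
            last_landing[client] = (int(ts), url)
        elif (key[0] == SCAM_DOMAIN or key[0].endswith("." + SCAM_DOMAIN)
              or dest_ip in SCAM_IPS):
            seen = last_landing.get(client)
            if seen and 0 <= int(ts) - seen[0] <= window:
                chains.append((client, seen[1], url))
    return chains

# Constructed sample proxy log (not real traffic).
SAMPLE_LOG = [
    "1000 10.0.0.5 192.0.2.10 http://cantaci.com/solitude.html",
    "1002 10.0.0.5 91.212.124.152 http://medslevitraleiby.com/",
    "1010 10.0.0.7 192.0.2.10 http://cantaci.com/index.html",
    "2000 10.0.0.9 192.0.2.11 http://LyonsSystems.co.uk/plank.html?x=1",
    "2030 10.0.0.9 95.168.193.184 http://unlisted-shop.example/",
    "5000 10.0.0.5 91.212.124.152 http://medslevitraleiby.com/cart",
]

if __name__ == "__main__":
    print(find_redirect_chains(SAMPLE_LOG))
```

Matching on destination IP also catches scam domains that are not named here but resolve to the same hosts. Because most of the listed IPs are historical, an IP-only match should be treated as a lead to verify rather than a confirmed hit.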

The spammers are monetizing the traffic by participating in a revenue-sharing pharmaceutical affiliate program.

Users are advised to be extra vigilant when interacting with email from unknown sources, and not to purchase counterfeit items from pharmaceutical shops delivered to them via spam messages, no matter which company they’re attempting to impersonate.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.





About the Author

Name: Dancho Danchev
Role: Retired ThreatBlog Member


Dancho Danchev is an internationally recognized security blogger, cybercrime researcher, and a public speaker. He’s been an active security blogger since 2006, maintaining a popular security blog, where he shares detailed analyses of tactics, techniques, and procedures (TTP) of malicious and fraudulent adversaries.

You can find out more about Dancho’s expertise and experience at his LinkedIn Profile, or at Wikipedia.

You can also follow him on Twitter, Google+ or Facebook.

