Fake Twitter notification leads to American drugs

Filed Under: Social networks, Spam, Twitter

We have seen an influx of spam this weekend purporting to be notification messages from Twitter.

Twitter Notification spam

The message body says:

"Hello,

You have notifications pending
http://twitter.com/account/notify/RANDOMHEX?emcamp=notify_CURRENTDATE&userid=RANDOMNUMBER

Thanks for being part of Twitter,
The Twitter Team"

In the samples I examined, the URLs that the links direct you to are all unique. In addition to rotating through many different domain names, the spammers append random words to the URL that are ignored by the redirecting websites.

Google Maps satellite view of fake pharmacyOf course these messages aren't from Twitter; they are promoting online pharmacies. One of the registrants with an address in Moscow currently owns more than 100 domain names all redirecting to pharmacy-related websites.

My favorite one proclaims to be an American pharmacy. How refreshing! The address in Texas that they list looks to be a bit empty, though.

Like most online pharmacy scams the cost of their products is not exactly discount. The average price for these products when you include special "handling" fees and "insurance" is almost $200 USD.

US Drugs logo

Barber Shop sign at CDN Pharma addressAmusingly, if you omit the www from the URL for US Drugs you get a "Canadian" pharmacy selling very similar products. I decided it was only fair to look up their Canadian address in Ontario.

It appears they either have made up the address, or have started a barbershop... Maybe they are taking advantage of all their Rogaine sales.

To learn more about how online pharmacy spammers and other affiliate-based networks make money, download our paper "The Partnerka - What is it, and why should you care?"

, , ,

You might like

One Response to Fake Twitter notification leads to American drugs

  1. Guest · 1174 days ago

    Do these email contain viruses?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.