Counterfeit drugs warning to online shoppers using legitimate pharmaceutical stores
Pill peddlers are hijacking legitimate websites to send spam in order to fool consumers into buying fake pharmaceutical products online.
According to security firm Sophos, spam campaigns that advertise internet pharmacies are directing users to web pages hosted on legitimate websites that have been compromised by the spammers.
Once the victim has been lured to the site, the pages automatically redirect surfers to a fake online store.
The dangers of buying medicines this way was highlighted last month by the Canadian authorities after a 57-year-old woman died after purchasing pills through an online source. Marcia Bergeron who lived on Quadra Island in British Columbia apparently died of poisoning.
Vancouver Island regional coroner Rose Stanton said the toxicology report showed the anti-anxiety medication and sedative she had bought were laced with dangerous mineral traces.
"The pills had traces of uranium, strontium, selenium, aluminum, arsenic, barium and boron," said Stanton.
While these current spam attacks are not new, it is becoming harder to filter the spam messages and track the original source. Consumers' anti-spam software will often use the links in an email to determine whether the message is spam.
If someone gets frequent emails from favourite websites, because these appear frequently in their inbox, if that website were to be hacked then any spam sent from there is almost certain to get through.
This is because their spam filters do not recognise the emails as spam because the source web address is legitimate.
Graham Cluley, senior technology consultant at Sophos, said people are tricked into clicking on the link in the spam email because the web address is genuine. He pointed out the website owner is probably completely unaware that spammers have hacked their site, and are using it to redirect visitors to an online pharmacy.
"Website owners have a duty to properly patch their sites against the latest vulnerabilities, or face being exploited by spammers," said Cluley.
Updating your subscription status