Threat Intelligence Blog

This week the Department of Justice announced that Google will forfeit $500M for “allowing online Canadian pharmacies to place advertisements through its AdWords program targeting consumers in the United States”. While Google now monitors AdWords advertisements very closely to avoid similar penalties in the future, the Internet is still rife with websites that will sell prescription medication through the mail without ever meeting a doctor face to face. Indeed, investigation by cybercrime reporter Brian Krebs in recent years in articles like unprecedented insight into the lucrative world of Russian online pharmacy networks:

In total, these promoters would help Glavmed process in excess of 1.5 million orders from more than 800,000 consumers who purchased knockoff prescription drugs between May 2007 and June 2010. All told, Glavmed generated revenues of at least $150 million.

The problem with online pharmacy sites selling lifestyle drugs like Viagra and Cialis, the controlled substances vicodin and hydrocodone, and even cancer drugs is that without the oversight of a medical professional, patients may misuse or abuse the medications – whether genuine brand or generic. Another possibility is that what they receive in the mail from these faraway online pharmacy operations is not even real medication at all, but fake pills that contain inert ingredients like corn starch or dangerous chemicals like mercury. People can and do die in all of the scenarios above.

Remember the “Canadian” Pharmacy?

The availability of cheaper medication above the United States’ border has resulted in the creation of websites that appear to be from Canada, but actually originate far overseas, as we have written before. Cyveillance currently sees more than thirteen hundred websites out there today that mention Canada and the word pharmacy in the site’s domainDomain: A specified location where a set of activity or knowledge exists. For instance, an Internet domain is synonymous with a website address or URL where information can be made available. LookingGlass Cyber (n) - A fancy name for a URL or website.. Of course there are many, many more which suggest they have a connection to Canada in other parts of their website.

But competition for customers who search for a Canadian pharmacy online is stiff, and operators of these illegal websites diversify by offering alternatives to American consumers with sites that suggest an origin in Mexico.

Cuidado!

Americans have long headed below the border for cheaper medications. In addition to the many opportunities for recreation that greet visitors in Tijuana are many brick and mortar pharmacies looking for Americans in search of a deal. These establishments may not always be safe either. According to a former federal law enforcement officer who worked cases of counterfeit pharmaceutical sales along the border…

There are over a thousand pharmacies lining the border in Tijuana; over twice the count you’ll find in neighboring San Diego. The number of storefronts is greater than what can serve the daily foot traffic from the U.S. Many make their earnings through illicit Internet and mail order sales.

The person greeting you from behind that counter in that white jacket and making healthcare recommendations is not a pharmacist. He’s a salesperson. That’s because there is no college of pharmacy in Mexico, nor is there a requirement to staff these businesses with licensed professionals. The pharmaceuticals are pre-packaged by the manufacturers with general dosage recommendations, as opposed to dispensed into amber vials with a professional consultation that you’d find in the U.S

U.S. law enforcement has seized millions of dollars of counterfeit pharmaceuticals from these operations. I recall an operation that imported from an unsanitary plant that I subsequently visited in India. This operation used day laborers to repackage the pills in bottles with English language labels. Some of these laborers placed the diabetes medicine in bottles intended for heart medication. One of the manufacturers supplying the operation could not keep up with the demand and, instead, supplied tablets that had no active ingredients which were ultimately repackaged and sold to Americans. I have also seen pretty good knock offs of American brands in Mexico. It is difficult to know exactly what you’re getting on the border.

Dangerous Online Pharmacies Which Claim to be from Mexico But Are Not


This site’s domain contains the words “online mexican pharmacy”. Click to enlarge.

The above site’s domain name couldn’t be more explicit about where it wants visitors to think it is from: it includes the words “online mexican pharmacy” right in the domain name. However the domain is registered anonymously, which is never a good sign when you want to entrust your health to someone. The site is hosted in the Netherlands, and belongs to an illegal pharmacy network from Russia.


This fake Mexican online pharmacy’s homepage is full of contradictory information. Click to enlarge.

The second impostor calls itself a “Real Mexican Online Pharmacy”. Unfortunately the domain’s registrant claims to be from Bulgaria and the site is hosted in Atlanta. The text on the very same page states that the medications will come from pharmacies in the United States. Which is it? And why the misinformation? No prescription is required from a healthcare provider to receive prescription drugs on this site.

Dangerous Online Pharmacies Which are from Mexico


Click to enlarge.

The illegal online pharmacy shown above does not require prescriptions for the very powerful prescription drugs it offers. Several are high-potency pain killers like Oxycontin that are known to place patients at risk for addiction. This domain’s registrant is in Mexico, and is hosted in Atlanta. Open source intel about this operation confirms that they’re shipping from Mexico into the United States.


Click to enlarge.

The “new formula” Oxycontin for sale at the premium price of $450 for ten tablets in our final example today is another example of controlled substances being sold online without a prescription. Like the site above, the domain is registered to a Mexican citizen. It’s hosted in Dallas, and information we’ve seen online suggests that the drugs are indeed shipped north from a brick and mortar pharmacy in Mexico.

Are they All Bad?

To be clear there is such thing as a safe online pharmacy. The FDA has a page with tips on safe ways to buy medication online. Please be safe out there.

Additional Posts

How Will ICANN’s Newest Domain Name Program Affect Your Company’s Brand?

Internet Corporation for Assigned Names and Numbers (ICANN) has instituted a new generic top-level ...

RSA Token Vulnerability and One of America’s Most Secret Agencies Invoked in Latest Spear Phishing Attack

A targeted scam or “Spear Phishing” attack making the rounds today invokes the National ...