Threat Intelligence Blog

Posted April 21, 2010

Spam sent from Gmail accounts this week, routing recipients to what appears to be a Canadian pharmacy, has created quite a stir online. According to reports:

…the Gmail spam is hardly sophisticated. It’s being used to flog Canadian pharmaceutical Web sites that promise to send cheap drugs to U.S. customers

Although the spam component may not be very sophisticated, a more detailed analysis shows that the attack as a whole is more complex. The fulfillment of the scam is relatively complicated, and, like many websites that sell prescription drugs over the internet, Canadian Health & Care Mall has no real connection to our neighbors above the border at all. In fact, the websites to which Cyveillance has seen internet users routed in this scam are hosted in countries like Thailand, Iran, and China, and registered to individuals in Russia.

[Image: Canadian Health & Care Mall online pharmacy website]

When recipients of the spam coming from compromised Gmail accounts click the link in the email, they are sent to various legitimate websites around the world. Unfortunately, these sites have been hacked by cyber criminals, and visiting certain links on them will redirect the web surfer to websites that look like the one pictured above.

At first glance, this fake online pharmacy site’s efforts to appear legitimate are impressive. The cyber criminals have fabricated Verisign certificates and even included a digitally altered seal of approval from the United States Food and Drug Administration.


The certificate, dated 2001, reads:

All the drugs sold at Canadian Health&Care Mall are considered to be FDA approved.

The FDA is responsible for protecting the public health by assuring the safety, efficacy, and security of human and veterinary drugs, biological products, medical devices, our nation’s food supply, cosmetics, and products that emit radiation. The FDA is also responsible for advancing the public health by helping to speed innovations that make medicines and food more effective, safer, and more affordable; and helping the public get the accurate, science-based information they need to use medicines and foods to improve their health.

A little digging shows the inaccuracies in the website’s claims. Its Contacts page lists its USA headquarters’ address as “2723, Guadalupe St, Austin, TX, USA”. A look in Google Maps shows a Taco Bell and a Chinese restaurant at that location.

[Image: USA branch office]
This building is not found at the USA address provided on the fake online pharmacy.

Another red flag – how often is your credit card number required simply to submit an inquiry on a web form?

[Image: online pharmacy scam web form]
Despite the small lock icon next to the credit card field, no security measures appeared in place on this page.

The scam shows how elaborate fraud campaigns on the internet can be today. Consumers’ hacked email accounts were used to distribute the spam. Compromised web servers redirect visitors to illegitimate pharmacy websites. These destination websites, where the fraud is actually perpetrated, are located on servers in far-off lands where interactions with hosting companies’ abuse teams may not be easy.

As always, be vigilant when following links you receive in email. The risk to your computer and to your financial health is extremely high if you are not very careful. And never, ever order from an online pharmacy unless you know it to be legitimate and operating within the law.

A robust examination of the Canadian Health & Care Mall can be found at
