Video Screencast Help
Security Response

WikiPharmacy? Fake Notifications Spammed Out

Created: 26 Apr 2012 06:46:31 GMT • Updated: 23 Jan 2014 18:16:00 GMT • Translations available: 日本語
Samir_Patil's picture
0 0 Votes
Login to vote

Symantec is intercepting a resurgence of spam attacks on popular brands. Spam messages that are replicas of the Wikipedia email address confirmation alert are the new vector for the present. The said spam messages pretend to be originating from Wikipedia, and are selling meds, with the following subject line: “Subject: Wikipedia e-mail address confirmation”.

The spoofed Wikipedia page is a ploy to give legitimacy to the sale of meds online. The embedded URL in the message navigates to a fake online pharmacy site that is dressed up as a Wikipedia Web page. Furthermore, to give the email a legitimate look, the spammer has added the recipient’s IP address in the body of the spam mail. Needless to say this IP does not belong to the user.

Figure 1: Part of the spam message

 

Figure 2: An example spam message

 

Figure 3: The corresponding WikiPharmacy Web page

 

This is another social engineering tactic where popular brands are exploited for spamming. Symantec anticipates a surge of such attacks due to increasing popularity; a trick used by spammers from time to time to make their clandestine efforts look legitimate.

Beware of any purchases from such sites as it will put the user’s personal and banking information at risk. We recommend users not click on any URLs from such unsolicited emails.