Recently, our honeypot received several spam messages claiming to be automated notifications from YouTube. We reckon that whoever is behind this campaign is counting on users who have YouTube notifications enabled to fall for these tactics.

Below are a couple of the emails we received. Although they differ slightly, they are essentially similar.

Sample 1:

From: Automation YoutubeService
Subject: Attention, Delayed email statements
Message body:
Delayed email.

View emails.

Sincerely
Youtube service

Sample 2:

From: YouTubeNotify
Subject: Hi, Deferred e-mails banged
Message body:
Delayed email.

View emails.

Sincerely
Youtube service

The link in both samples is the text “View emails.” Once clicked, users are led to sites that we believe have been compromised to redirect to Russian domains that are less than a year old. Sample 1’s destination URL, medicalsafeservices[DOT]ru, is already down as of this writing; luckily, however, Sample 2’s destination URL is still up. The site is called My Canadian Pharmacy, a brand that the Certified Canadian International Pharmacy (CIPA) names as a rogue site and not a member of its professional organization.

In case you’re not aware, fake Canadian pharmacy sites are usually classified as fraud or scams, as they claim to sell legitimate medication but deliver unapproved, mislabeled, or even counterfeit pharmaceutical goods.

Although fake online pharmacies aren’t exactly new and have been around for years, they’re still making some headlines this year.

If you’re unsure of the legitimacy of the online pharmacy site you’re visiting, you can use the verification tool offered by CIPA and/or look up its profile in PharmacyChecker.com. It also pays to be familiar with how rogue pharmacy sites operate. Hint: They’re usually against standard practice.

And as always, carefully consider the elements of emails you receive, as they may only appear legitimate at first glance. The link they sport may lead you to destinations you may not want to see or, worse, to software you don’t want downloaded onto your system without your knowledge.
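The pattern in both samples, expressed as a mail-filter check (an added example, not code from the original post): the display name claims YouTube, yet the sender domain and the “View emails” link sit outside YouTube’s domains. The trusted-domain list, the sender address and the link host are assumptions, since the samples above are redacted.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("youtube.com", "google.com")  # assumption: domains a real notice uses

def trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class Links(HTMLParser):  # collects (visible text, href) for each <a href=...>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check(raw):
    """Return reasons a message that claims to be YouTube looks spoofed."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    if "youtube" not in name.lower():
        return []  # not claiming the brand; out of scope for this check
    reasons = []
    if not trusted(addr.rpartition("@")[2]):
        reasons.append(f"display name {name!r} but sender is {addr}")
    body = msg.get_body(preferencelist=("html",))
    parser = Links()
    parser.feed(body.get_content() if body else "")
    for text, href in parser.links:
        if not trusted(urlsplit(href).hostname):
            reasons.append(f"link {text!r} points to {urlsplit(href).hostname}")
    return reasons

# Constructed message modelled on Sample 2; address and link host are placeholders.
SAMPLE = """From: YouTubeNotify <notify@sender.example>
Subject: Hi, Deferred e-mails banged
Content-Type: text/html; charset=utf-8

<p>Delayed email.</p><p><a href="http://compromised.example/x">View emails</a>.</p>
"""
```

Calling `check(SAMPLE)` returns two reasons, one for the sender and one for the link. The From header is trivially forged, so a message that passes this check still needs SPF, DKIM and DMARC validation, and the flagged host is only the first hop, not the final redirect destination.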

Jovi Umawing