Recently, our honeypot has received several spam messages claiming to be automated notifications from YouTube. We reckon that whoever is behind this campaign is counting on users who have their YouTube notification settings enabled to fall for the ruse.
Below are a couple of the emails we received. They differ slightly but are essentially the same.
Sample 1
From: Automation YoutubeService
Subject: Attention, Delayed email statements
Message body: Delayed email. View emails. Sincerely Youtube service

Sample 2
From: YouTubeNotify
Subject: Hi, Deferred e-mails banged
Message body: Delayed email. View emails. Sincerely Youtube service
The link in both samples is the text “View emails.” Once clicked, users are led to sites that we believe have been compromised to redirect to Russian domains that are less than a year old. Sample 1’s destination URL, which is medicalsafeservices[DOT]ru, is already down as of this writing. Sample 2’s destination URL, however, is still up, and the site it serves is called My Canadian Pharmacy, a brand that the Certified Canadian International Pharmacy (CIPA) names as a rogue site and not a member of its professional organization.
In case you’re not aware, fake Canadian pharmacy sites are usually classified as fraud or scams, as they claim to sell legitimate medication but deliver unapproved, mislabeled, or even counterfeit pharmaceutical goods.
If you’re unsure of the legitimacy of the online pharmacy site you’re visiting, you can use the verification tool offered by CIPA and/or look up its profile on PharmacyChecker.com. It also pays to be familiar with how rogue pharmacy sites operate. Hint: They usually go against standard practice.
And as always, carefully consider the elements of the emails you receive, as they may only appear legitimate at first glance. The links they carry may lead you to destinations you do not want to visit or, worse, to software downloaded onto your system without your knowledge.
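The advice above can be automated at the mail gateway. The following Python check is an added example, not part of the original post: it flags a message whose display name claims YouTube while the sender address or the link target sits on an unrelated domain. The sender address, the link URL and the trusted-domain list are constructed assumptions, since the samples show only the display name, subject and body text.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND = "youtube"
TRUSTED = ("youtube.com", "google.com")  # assumption: genuine sender/link domains

# Constructed message modelled on Sample 1; address and href are placeholders.
SAMPLE = """\
From: Automation YoutubeService <notify@mailer.example>
Subject: Attention, Delayed email statements
Content-Type: text/html; charset="utf-8"

<html><body><p>Delayed email.</p>
<p><a href="http://compromised-site.example/redir.php">View emails</a>.</p>
<p>Sincerely Youtube service</p></body></html>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def trusted(host):
    """True if host is a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_message(raw):
    """Return findings for a raw message whose display name claims the brand."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    if BRAND not in name.lower():
        return []  # message does not claim to be from the brand
    findings = []
    if not trusted(addr.rpartition("@")[2]):
        findings.append(f"display name {name!r} but sender is {addr}")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            findings += [f"link goes to {urlparse(h).hostname}"
                         for h in collector.hrefs if not trusted(urlparse(h).hostname)]
    return findings
```

The check inspects only the first hop of each link; a compromised site that redirects elsewhere, as described above, is flagged by its own hostname and not by its final destination.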