Pharma spam masquerading as Facebook message


Spammers are always looking for ways to hide their true identity in order to bypass content filters, and to employ social engineering to bypass our own human filters that can often tell if something is spam just by looking at it. Here’s one message that arrived in one of our employee’s personal mailboxes. He saw the familiar blue Facebook header, and figured it was from a friend.  Of course the image didn’t immediately load (Outlook typically blocks images from loading until you ask it to download the images), so it took a few seconds before he realized it was actually spam.

This message was designed to fool people (due to the visual design) and spam filters that have trouble with image-based spam, since all the actual content was in an image. The only content that text-based filters can identify in such a message are the traditional Facebook text, such as “…if you do not wish to receive this type of Facebook mail in the future…” making it appear legitimate.

Pharmaceutical spam designed to look like a Facebook message

Of course the message wasn’t actually sent from Facebook – if it had been, the return address would have been Facebook, and not Tammi Manley (gotta love the play on words).

Also, all the links (such as unsubscribe, and more info) lead to the same pharmaceuticals site (big surprise).

Go back