Evil Facebook Spam

Facebook did not spam me

Facebook is a wonderful tool for letting complete strangers know what you had for dinner last night or showing prospective employers what you do on the weekends. The Facebook empire continues to expand into all parts of the world where free time is in excess.

Do Facebook servers launch spam campaigns? Probably not. Unfortunately, electronic mail can be easily configured to appear to come from any web site. Recently my unfortunate inbox accepted a message that, on the surface, seemed to originate from my friends at Facebook. At first glance the contents seemed legitimate. At second glance subterfuge and deception reared their ugly heads. Don't let this happen to you.

Let's take a closer look. We embark on a journey through Canada, Spain, and a friendly pub in New Jersey. Somehow they are all virtually related.

The evil spam. It did not come from Face Book.
The evil spam. It did not come from Face Book.

Don't be fooled

Spammers are evil but mostly not stupid. They spend their waking hours contriving strategies to convince us that all is well. They leverage the good will of legitimate organizations. They hide behind weaknesses in the design of the Internet.

This particular message steals Facebook fonts, colors, and styles. It also attempts to inspire a little fear: "You have 1 lost message on Facebook" might be sufficient to coax many unsuspecting legitimate Facebook users into clicking on the links embedded in the message. No one wants to lose a Facebook message.

The link is actually quite different than it appears.
The link is actually quite different than it appears.

The link appears to be legitimate

The link included in the text of the message seems reasonable. Included in the link is a reference to the real Facebook site and also the word 'profile', which all Facebook members recognize. Unfortunately, hovering over the 'link' reveals the true address: it's nothing remotely related to Facebook.

What if you click on it? Don't click on it.

Clicking on the link will open a browser window and attempt to load a web page from a domain called "alenwich.com", which is obviously not Facebook. In the interest of science we opened the link in our browser. Don't try this at home. We are qualified professionals who take extreme precautions.

We opened the link not in Windows, but in Linux, which affords additional protection levels because the spammers probably designed their attack under the assumption that most computer users are running a Windows-based operating system.

We weren't attacked, only redirected. We were victimized by a little Internet sleight of hand.

After clicking on the link, we were redirected to this page.
After clicking on the link, we were redirected to this page.

Some basic redirection

One useful feature built into the language of web pages is the ability to redirect to a completely different page. When we clicked on the link embedded in our spam email, we were redirected to a completely different domain. The original link pointed to "alenwich.com/james.html", which immediately redirects to "pillscioffline.com".

The new destination wanted to sell us some stuff. We were treated to a cornucopia of Canadian Pharmaceuticals. Our computer was not attacked, only insulted.

Why go to all this trouble?

Some folks really want to sell stuff. In this case, the sole purpose of the original Facebook-style spam was to direct traffic to a web site ostensibly offering pharmaceuticals at relatively low prices. Everyone knows that Canada has less expensive products compared to some other parts of the world. We all trust Canada and many of us gladly reveal highly sensitive information to web sites purporting to be "Canadian."

Is Canada in Spain?

The plot gets thicker. Our destination domain, pillscioffline.com, is registered in Spain. It was registered only 2 days before our spam arrived. In other words, the site was 2 days old and the ownership of the domain was assigned to a physical mailing address in Spain. Canada is not near Spain, nor are the two countries spelled sufficiently alike to suggest that typographical errors may be at fault.

Click here to see who owns the domain.

This what Yahoo thinks of "Canadian Family Pharmacy"
This what Yahoo thinks of "Canadian Family Pharmacy"

Is there a Canadian Family Pharmacy?

A legitimate business with the endearing name "Canadian Family Pharmacy" may actually exist. It may actually offer legal products at reasonable prices. On the other hand, the web site at pillscioffline.com might contain just enough programming and endearing graphics to collect credit card numbers and social security numbers.

There may be no legitimate pharmacy behind the web site. We can't say for sure. Any competent programmer can cobble up a web site. Be very careful when revealing personal information online.

alenwich.com is the Ale 'n 'Wich pub in New Jersey.  Undoubtedly they had no part in this scheme. Their domain was hijacked.
alenwich.com is the Ale 'n 'Wich pub in New Jersey. Undoubtedly they had no part in this scheme. Their domain was hijacked.

Whither alenwich.com?

Should you be feeling a bit peckish after all this cloak-and-dagger nonsense, stop by the Ale 'n 'Wich Pub for a burger. These unsuspecting folks are the rightful owners of the domain called alenwich.com. Yes, that domain does appear in the original spam that started this mess, but rest assured that no one in the restaurant had anything to to with this risky scheme.

Someone hacked them during the lunch rush. Were you to peek into their web server computer, you would see a tiny file called "james.html" that serves to immediately redirect unsuspecting browsers from alenwich.com to pillscioffline.com. That little file may persist for years or may be erased before you read this: it doesn't affect the normal operation of the computer at all.


Don't blame Facebook, don't blame the Ale 'n' Wich Pub, and don't blame Canada. Blame yourself if you fall for this type of contrivance. Resist the urge to reveal personal information just to save a few dollars.

More by this Author

Comments 5 comments

Alastar Packer profile image

Alastar Packer 5 years ago from North Carolina

Very interesting on the alenwich domain. The updated digital bait and switch re-direct eh. Some will continue to fall for these ploys despite people like yourself exposing the scam and spam. Hacking someone's site for the redirect reminds of this in a way. Once had to close out FB for a while and at the end of the process- despite protection- was informed that the account had been hacked and FB advised changing the password. Why couldn't the FB have informed before?

drbj profile image

drbj 5 years ago from south Florida

Thanks for the good infomation, nicomp. Canada is not near Spain??? Who knew?

nicomp profile image

nicomp 5 years ago from Ohio, USA Author

@drbj: Congratulations on your achievement of Level 8 Commenter. You deserve it!

anusha15 profile image

anusha15 5 years ago from Delhi, India

Spamming is a serious problem these days. Not only Facebook but also a couple of other trusted site names like twitter etc. are being used by the spammers.

An informative hub which would make more people aware - very nicely written and presented too.

Django 5 years ago

I highly recommend to use a DIFFERENT email adress to register in facebook

If Spam is sent to your other emeil adress you know it is not coming from facebook

I also recommend to our courts to sent spammers at least for 20 years in prison

    Sign in or sign up and post using a HubPages Network account.

    0 of 8192 characters used
    Post Comment

    No HTML is allowed in comments, but URLs will be hyperlinked. Comments are not for promoting your articles or other sites.

    Click to Rate This Article