
TOKYO (MacHouse) – More than 90 minutes ago, a cyber scum group sent out a phishing message. The sender is shown as VIAGRA ® Official Site. As shown in Screenshot 01, what’s interesting about this message is that its body says:
You are receiving this e-mail because you subscribed to MSN Featured Offers.
Screenshot 01 – Source: MacHouse
Screenshot 02 – Source: MacHouse
Screenshot 03 – Source: MacHouse
So how do we know that this is a junk message? It sounds strange that the message implies Microsoft sponsors this e-mail marketing operation. But that’s not convincing evidence, is it? If you take a good look at Screenshot 01, the hyperlink behind the image is www.pkjhyfl.cn. That’s kind of an awkward domain for an online drug store. Reading the source code of the message, there is something odd. The recipient’s address is junk912@gmail.com, which is our junk e-mail address. But the sender’s address is also shown as junk912@gmail.com. (See Screenshot 02.) That can’t be right.
By the way, if you click on ‘Unsubscribe’ in the message (See Screenshot 03.), you will be forwarded to a blank page. (See Screenshot 04.) That’s another odd aspect.
Anyway, let’s go to the online pharmacy store hosted at the domain of pkjhyfl.cn. Again, the only odd thing is the domain name. And we don’t see anything else suspicious at the index page. (See Screenshot 05.)
How can we tell if an online store is fake? Well, we’ve done it many times. Anyway, let’s see quickly if this online pharmacy store is a total fake.
Screenshot 04 – Source: tracking.msadcenter.msn.com
Screenshot 05 – Source: www.pkjhyfl.cn
Screenshot 06 – Source: www.pkjhyfl.cn
If you go to a checkout page, it says ‘100% SECURE CREDIT CARD TRANSACTION’ at the top left with a lock image. If it’s a transaction page, the protocol must be https. But, as shown in Screenshot 06, the protocol is http. That’s Strike 1. At the top of the page, you see a label that says ‘SECURED BY GeoTrust click to verify.’ But there is no hyperlink behind this label. That’s Strike 2. Finally, there’s a hacker safe label. If this label is real, then there must be a hyperlink behind the image to show to whom and to what address this certification is issued. But there’s no hyperlink. (See Screenshot 07.) That’s Strike 3 – Out!
Finally, if you fill out the form with a fake credit card number… (See Screenshot 08.) You will get a message that says the credit card number you have entered is wrong. (See Screenshot 09.) This is a typical phishing checkout page. Their objective is to collect credit card information and nothing else. This checkout page cannot process orders. That’s why you get stopped after entering credit card information.
If you run into a suspicious online pharmacy store, now, you should know what to do. Again, simply go to the checkout page and see if the protocol comes with the secured layer. If not, chances are that it’s fake.
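The three checkout-page checks described above, written as a small script that audits saved page HTML. This is an added example, not code from MacHouse; the sample pages, URLs, field names and keyword lists are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed keyword lists; the seal names come from the labels the article mentions.
SEAL_WORDS = ("geotrust", "hacker safe", "hackersafe")
CARD_HINTS = ("card", "ccnum", "cvv")

class CheckoutAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.a_stack = []          # one bool per open <a>: does it carry an href?
        self.has_card_field = False
        self.unlinked_seals = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.a_stack.append(bool(a.get("href")))
        elif tag == "input":
            name = (a.get("name") or "").lower()
            if any(h in name for h in CARD_HINTS):
                self.has_card_field = True
        elif tag == "img":
            label = ((a.get("alt") or "") + " " + (a.get("src") or "")).lower()
            # A real seal links to the issuer's verification page.
            if any(w in label for w in SEAL_WORDS) and not any(self.a_stack):
                self.unlinked_seals.append(a.get("alt") or a.get("src"))

    def handle_endtag(self, tag):
        if tag == "a" and self.a_stack:
            self.a_stack.pop()

def audit_checkout(url, html):
    """Return a list of findings for a checkout page fetched from `url`."""
    page = CheckoutAudit()
    page.feed(html)
    findings = []
    scheme = urlparse(url).scheme
    if page.has_card_field and scheme != "https":
        findings.append("card form served over " + scheme)
    for seal in page.unlinked_seals:
        findings.append("trust seal without verification link: " + seal)
    return findings

# Constructed sample pages (not captured from any real site).
FAKE_URL = "http://shop.example/checkout"
FAKE_HTML = """<img src="/img/lock.gif" alt="100% SECURE CREDIT CARD TRANSACTION">
<img src="/img/geotrust.gif" alt="SECURED BY GeoTrust click to verify">
<img src="/img/hs.gif" alt="Hacker Safe">
<form action="/pay" method="post"><input type="text" name="card_number"></form>"""
GOOD_URL = "https://shop.example/checkout"
GOOD_HTML = """<a href="https://seal.example/verify?id=1"><img src="/img/geotrust.gif" alt="GeoTrust"></a>
<form action="/pay" method="post"><input type="text" name="card_number"></form>"""
```

`audit_checkout(FAKE_URL, FAKE_HTML)` returns one finding per strike. An empty list only means these three checks passed, not that the store is genuine.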
Screenshot 07 – Source: www.pkjhyfl.cn
Screenshot 08 – Source: www.pkjhyfl.cn
Screenshot 09 – Source: www.pkjhyfl.cn








Is there any way to stop these emails? I am being bombarded with them.
Since the message always includes ‘MSN Featured Offers’ for this particular spam operation, if you are with a web hosting company for your e-mail addresses, you can use the e-mail filter. Just block e-mail messages that contain ‘MSN Featured Offers.’