In cybersecurity, fake pharma is the term we use to describe the peddling of drugs and medication, whether they are legal or not, in a pushy, obtrusive way. This branch of internet trade is often associated with false advertising, spam, dubious vendors, and the Dark web.
Scripts to deliver a goodbye message
—will trigger the function called “confirmation”. But the “onunload” event allows the closing of the browser tab or window—something the fake pharma site creators don’t want—so they use the alternative event called “beforeunload”, which can be specified in this way:
window.onbeforeunload = function()
This site defines what “beforeunload” is about:
The beforeunload event is fired when the window, the document and its resources are about to be unloaded. When a string is assigned to the return Value Event property, a dialog box appears, asking the users for confirmation to leave the page (see example below). When no value is provided, the event is processed silently.
Short and simplified: When users click the “X” in the browser tab to close it, they cause an event called “beforeunload”, which in turn checks if there is a task that needs to be done first before closing the tab. In this case, the task in the function defined for “onbeforeunload”.
Another method is to use built-in features or plugins of content management systems (CMS) like WordPress (example below), Joomla, and Drupal.
From what we’ve seen, Internet Explorer and Edge are the most susceptible browsers when it comes to popping up these “extra messages”. Opera, Firefox, and Chrome show the user the “Stay or Leave” prompt but without the extra text.
Opera “Stay or Leave” prompt
Edge’s prompt on the same site
Fake pharma link distribution
Some of the links to these pharma sites are sent out by Skype messages, where they are camouflaged in Baidu search results. We wrote about this method last year, but it is still current.
I received this link to a pharma site on Skype
Another very popular method to spread fake pharma links is done by forum spammers, who get paid mere pennies for registering and posting on popular forums, like ours for example.
And let’s not forget the time when our mailboxes were flooded with “Viagra” offers.
This post went into some of the background information concerning the advertising of fake pharma sites, how they spread their links, and how they try to retain your attention.
Other related post(s):
- More Replica Automated Mails Lead to Fake Pharma
- Replica YouTube Automated Mails Lead to Fake Pharma
- Fake Facebook Mails Lead to Pharma Spam