Spammers are leveraging news about the recent Zendesk data breach in an effort to trick users into visiting shady websites that offer pharmaceutical products.The notices, entitled “An important notice about security,” read something like this:
“We recently learned that the vendor we use to answer support requests and other emails (Zendesk) experienced a security breach. We're sending you this email because we received or answered a message from you using Zendesk.”
The body of the email is taken from the legitimate notifications sent by Pinterest to users following the Zendesk hack. The only difference is that the spammers have added a couple of links pointing to the rogue pharmacy website.
Both Sophos experts and Conrad Longmore of Dynamoo’s blog have confirmed that there doesn’t appear to be any malware involved in this campaign. However, that doesn’t mean it’s not dangerous.
Users are advised never to purchase anything from such websites, no matter how tempting the offers might look.
Another noteworthy fact pointed out by Sophos is that the same Canadian pharmacy site is also being advertised these days with bogus Facebook notifications.