Y’know, after I got one too many spams advertising a Canadian pharmacy “verified by BBB”, I just had to go check it out and see how truthful they were.
So, after removing all tracking information from the URL to prevent any sort of click-through revenue, I entered the address of the site. It looked fairly legitimate, and even had a number of seals at the bottom identifying affiliation with various big names in online business.
Except… well, let’s just say that something was rotten in the province of Ontario.
Upon closer inspection, every one of the links pointed to a page on the pharmacy’s own domain. Sure, they tried to hide it by hiding the address bar via JavaScript, but it wasn’t too hard to unhide it and reveal their duplicity.
And why were they hosting the BBB report on their own site, rather than linking to the BBB? A quick search at the BBB’s web site turned up the real report (compare the mailing address in that first screen shot if you have any doubt!), which points out that they’re not even a member— membership, of course, being a requirement to display the seal featured on the front page. Oops.
Oh, and also, those links in the fake report don’t work at all. So much for getting the much-needed background information.
Even worse: They claimed to be a secure site using a Verisign encryption certificate. Of course, that was also a fake certificate hosted on their site. Indeed, there was no security at all— no padlock in the corner, no HTTPS URL, nothing.
So yeah. Avoid these guys like the plague— no pun intended!