Home / Blogs

Received a Questionable Email From NABP? It May Be Illegal Spoofing

Has your organization recently received an email claiming to be from NABP's Internet Drug Outlet Identification Program (IDOI)? If so, it is possible that someone is trying to trick you.

The NABP IDOI team's email account has recently been illegally "spoofed" by unaffiliated persons or organizations. Email spoofing involves the forgery of an email header so that the email appears to have originated from someone other than the actual source. To be clear, it is NOT the result of unauthorized access into the spoofed organization's systems.

In this case, unknown individuals are posing as NABP (masking the real sender's email address and manipulating the "from" address to appear as if it comes from our idoi@nabp.pharmacy email address) and sending emails to organizations involved in domain name infrastructure (e.g., domain name registrars, registry operators, ICANN). The spoofer typically provides an official-looking list of internet pharmacies, accompanied by a request to lock-and-suspend these domain names.

Although we appreciate that these unknown individuals care about the issue of illegal internet pharmacies (or so we'd like to think!), the spoofed emails: (1) are not drafted by NABP; and (2) sometimes include websites that are not found on NABP's Not Recommended List and have not been reviewed by NABP. Why would anyone do this? Well, some illegal internet pharmacies use this tactic to target their competitors' websites, pretending to be NABP in order to shut down the competition.

A few takeaways:

  • NABP will never issue domain name abuse notifications from idoi@nabp.pharmacy.
  • Spoofing is annoying, potentially illegal, and possibly harmful.
  • Spoofers, if you are reading this: (1) If you'd like to suggest websites for inclusion on NABP's Not Recommended List, please report the websites here (scroll down to: "Found a suspicious website? Report it."); and (2) Please stop spoofing. It's not cool.

By Justin Macy, Digital Health Senior Manager

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Comments

 Be the first to post a comment!

Add Your Comments

 To post your comments, please login or create an account.

Related

Topics

DNS Security

Sponsored byAfilias

Whois

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

IP Addressing

Sponsored byIPv4.Global

Brand Protection

Sponsored byAppdetex

Domain Names

Sponsored byVerisign

Cybercrime

Sponsored byThreat Intelligence Platform

New TLDs

Sponsored byAfilias