Illicit online pharmacies resort to hacking to gain customers

Redirecting search results has produced higher sales than those originating from email spam, a study says.

By — Posted Sept. 5, 2011

Print  |   Email  |   Respond  |   Reprints  |   Like Facebook  |   Share Twitter  |   Tweet Linkedin

Illicit online pharmacies are using a new sales scheme -- hacking into legitimate websites to redirect search engine traffic to their illicit pharmacies.

A study by researchers at Carnegie Mellon University in Pittsburgh found that about one in three online searches for prescription drugs result in the searcher being unknowingly redirected to websites belonging to illegal online pharmacies. By manipulating the search engines, these illicit websites also have crowded out legitimate online pharmacies, making it harder for consumers to find them.

Nektarios Leontiadis, a PhD candidate at Carnegie Mellon and co-author of the report, said the findings should alarm physicians, because if patients conduct a blind search online for drugs, they're likely to land on an illicit pharmacy site. Leontiadis' peer-reviewed research was accepted for presentation at the August USENIX Security Symposium in San Francisco.

There's no way customers can discern the legitimate websites from the illicit sites, Leontiadis said. In his research, he identified nine legitimate online pharmacies and 4,500 illicit ones. "So you can imagine how difficult it is to find a legitimate pharmacy," he said. Not only do illicit online pharmacies outnumber the legitimate ones, but the manipulation of search engines has caused legitimate sites to be ranked so low that they are much less likely to be visited.

The researchers looked at 185,000 websites that came up through online searches for drug information and found that 63,000 were hacked to manipulate them to redirect Web traffic from one site to another. In other words, someone clicks on a link to website A, and they are automatically taken to website B.

Leontiadis said the method works because searchers generally click on a link because it's high up in a search and has related phrases that show up in the search engine. But they generally won't look at the actual Web address, which would be the address of the legitimate site that has been hacked, sending the searcher to the illegitimate site. Webmasters of the legitimate sites usually have no idea they have been compromised, he said.

The authors of the report also note that the conversion rate of clicks to actual sales is between 0.3% and 3%, much higher than the rate of sales associated with emailed spam. Leontiadis says purchasers usually get a product shipped to them, but there's no guarantee that what they ordered is what they will get, or that the product is safe.

The Food and Drug Administration issued a consumer safety guide warning consumers that drugs purchased online could be fake, expired, not FDA-approved, the wrong dosage, or not made or shipped using safe standards.

The National Assn. of Boards of Pharmacy issued a public health report in June that said 98% of the 8,000 online pharmacies it investigated were not in compliance with U.S. pharmacy law. Other reports say online pharmacies often are associated with credit card theft and sales of credit information. Many of these online pharmacies are not in the United States; a large number are Canadian.

The Justice Dept. has started to crack down on Canadian pharmacies targeting U.S. consumers. Google recently paid a $500 million fine for knowingly carrying advertising from Canadian pharmacies that sold drugs to Americans without prescriptions. The money represents revenue from the drug ads and revenue earned by the pharmacies from sales to U.S. customers.

The government's investigation found that Google has known since 2003 that Canadian pharmacies were illegally selling drugs online to Americans. The company said it has stopped carrying the ads. The settlement involved only advertising and not search engine results, including search-engine manipulation by pharmacies.

The Justice Dept. said Google acknowledged it "improperly assisted Canadian online pharmacy advertisers," but a company statement said Google has given up the practice, and that it shouldn't have "allowed these ads ... in the first place."

The FDA recommends that patients check to see if pharmacies are located in the U.S. by going through state pharmacy licensing boards. Legitimate online pharmacies will be licensed in all 50 states. Leontiadis said physicians also can provide patients with a list of legitimate online pharmacies. When those Web addresses are typed directly into the browser, they won't be redirected in the same way as websites in search engines.

Back to top



Read story

Confronting bias against obese patients

Medical educators are starting to raise awareness about how weight-related stigma can impair patient-physician communication and the treatment of obesity. Read story

Read story


American Medical News is ceasing publication after 55 years of serving physicians by keeping them informed of their rapidly changing profession. Read story

Read story

Policing medical practice employees after work

Doctors can try to regulate staff actions outside the office, but they must watch what they try to stamp out and how they do it. Read story

Read story

Diabetes prevention: Set on a course for lifestyle change

The YMCA's evidence-based program is helping prediabetic patients eat right, get active and lose weight. Read story

Read story

Medicaid's muddled preventive care picture

The health system reform law promises no-cost coverage of a lengthy list of screenings and other prevention services, but some beneficiaries still might miss out. Read story

Read story

How to get tax breaks for your medical practice

Federal, state and local governments offer doctors incentives because practices are recognized as economic engines. But physicians must know how and where to find them. Read story

Read story

Advance pay ACOs: A down payment on Medicare's future

Accountable care organizations that pay doctors up-front bring practice improvements, but it's unclear yet if program actuaries will see a return on investment. Read story

Read story

Physician liability: Your team, your legal risk

When health care team members drop the ball, it's often doctors who end up in court. How can physicians improve such care and avoid risks? Read story