Has your organization recently received an email claiming to be from NABP’s Internet Drug Outlet Identification Program (IDOI)? If so, it is possible that someone is trying to trick you.

The NABP IDOI team’s email account has recently been illegally “spoofed” by unaffiliated persons or organizations. Email spoofing involves the forgery of an email header so that the email appears to have originated from someone other than the actual source. To be clear, it is NOT the result of unauthorized access into the spoofed organization’s systems.

In this case, unknown individuals are posing as NABP (masking the real sender’s e-mail address and manipulating the “from” address to appear as if it comes from our idoi@nabp.pharmacy email address) and sending emails to organizations involved in domain name infrastructure (e.g., domain name registrars, registry operators, ICANN). The spoofer typically provides an official-looking list of internet pharmacies, accompanied by a request to lock-and-suspend these domain names.

Although we appreciate that these unknown individuals care about the issue of illegal internet pharmacies (or so we’d like to think!), the spoofed emails: (1) are not drafted by NABP; and (2) sometimes include websites that are not found on NABP’s Not Recommended List and have not been reviewed by NABP. Why would anyone do this? Well, some illegal internet pharmacies use this tactic to target their competitors’ websites, pretending to be NABP in order to shut down the competition.

A few takeaways:

  • NABP will never issue domain name abuse notifications from idoi@nabp.pharmacy.
  • Spoofing is annoying, potentially illegal, and possibly harmful.
  • Spoofers, if you are reading this: (1) If you’d like to suggest websites for inclusion on NABP’s Not Recommended List, please report the websites here (scroll down to: “Found a suspicious website? Report it.”); and (2) Please stop spoofing. It’s not cool.