Maybe you have seen the spam messages that looks just like a normal update from Twitter? The design and texts are identical to the Twitter original, informing you that you have 3 new messages or that someone has started to follow you. However, when you click the link that appears to go to Twitter, you end up at some drug store that sells these famous blue pills – or at least a cheap copy of them.The way they do this is to place the twitter link in the text part of the link, but setting the target of the link to the spam site. Example:
You have 3 unread message(s)<br/> <a href="http://the-spam-site-address.com/a/site.html>http://twitter.com/account/message/23456-2A67E</a>
The message looks like this and you see the link that appear to go to Twitter.
This method isn’t that new and we have seen it happening before for CNN for example. SpamDrain blocks these messages but we have seen that some of our users report them as not being spam. But obviously they are.