Security Corner

Jun 12 2010   1:13AM GMT

Craigslist Targeted Phishing Emails

Ken Harthun

A client received this email this morning and wanted to know if it was legit:

From: craigslist [mailto:noreplay@craigslist.org]
Sent: Thursday, June 10, 2010 8:53 PM
To: undisclosed-recipients
Subject: Your posting has been flagged for removal

Your posting has been flagged for removal.
Approximately 98% of postings removed are in violation of craigslist posting guidelines.

Please make sure you are abiding by all posted site rules, including our terms of use: htt p://www.craigslist.org/about/terms.of.use.html.

If you need help figuring out why your posting was flagged, try asking in our flag help forum. Include posting title, body, category, city, how often posted, any images, HTML markup, etc.

If you feel your posting was wrongly flagged down (2% of flagged ads are) please accept our
apologies and feel free to repost using the link below:

htt p://www.craigslist.org/about/ctd/repost.html.

Sorry for the hassle, and thanks for your understanding.

Date: 1257114516
PostID: 1447127268

Of course, the email isn’t legit; it’s a targeted phishing attack. Hence my reply to his query:

It is indeed a hoax, perhaps better described as a targeted phishing attack. See: http://antifraudintl.org/showthread.php?t=38214. If you hover your mouse over the link, Outlook will show you the actual destination of the link. In this case, the link points to: http://home.comcast.net/~pollynopo/account-crg.org.html. This takes you to a page that purports to be a Craigslist account login page, but is actually a fake designed to steal your credentials. Just for fun, I used a bogus email address from mailinator.com and a few choice words for the password. When I clicked the “Login” button, I was taken to the real Craigslist terms of use page. Some crook somewhere now has my fake “credentials” for Craigslist.

The URL does not contain a virus and is harmless except for the fact that if you did fall for it, the crooks or spammers who stole your credentials will use your account to spread their spam or scam and YOU will get banned from Craigslist for it.

Let me point out a few things you can do and some things to look for when you get one of these emails:

1. Take a close look at the link in the email. Often there are misspellings or other subtle errors. In this case the link appears to be legit, but look closely at the first few characters: htt p://www.craigslist.org/about/terms.of.use.html — there’s a space in there. It should be “http://,” not “htt p://.”
2. Hover your mouse over the link and note where the link is pointing. If what is shown doesn’t match the link exactly, it’s bogus.
3. Do a Google search on the email subject; you’ll probably find out it’s a hoax in the first few listings.
4. A good site to join and check regularly is http://antifraudintl.org.
5. When you get some negative action email like this, ALWAYS check it out before you act. Be proactive; the scammers are betting that you will have the “Omigod!” reaction and just click the link without thinking.

Hope this helps.

Have a great weekend.
Cheers!
Ken

Be careful out there, folks!
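Points 1 and 2 of the advice above are mechanical enough to automate. The script below is an added example, not code from the post: it collects every anchor in an HTML message, flags visible URLs that contain whitespace (the “htt p://” tell) and flags anchors whose displayed host differs from the host the href actually points to. The message body is a constructed sample modelled on the email quoted above.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the message quoted in the post: the visible text is a
# craigslist URL with a space inside the scheme ("htt p://"), while the href points at
# the credential-harvesting page the post names.
SAMPLE_HTML = """
<p>Please make sure you are abiding by our terms of use:
<a href="http://home.comcast.net/~pollynopo/account-crg.org.html">htt p://www.craigslist.org/about/terms.of.use.html</a></p>
<p>Flag help forum: <a href="http://www.craigslist.org/about/help">http://www.craigslist.org/about/help</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def check_links(html):
    """Return (href, reason, detail) for each link that shows one of the post's warning signs."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        compact = re.sub(r"\s+", "", text)  # "htt p://..." -> "http://..."
        if not (re.match(r"^https?://", compact) or compact.startswith("www.")):
            continue  # visible text is not a URL ("click here"), nothing to compare
        # Sign 1 from the post: whitespace hidden inside what is displayed as a URL.
        if compact != text:
            findings.append((href, "visible-url-has-whitespace", text))
        # Sign 2 from the post: the displayed host is not where the link really goes.
        shown = host_of(compact if "://" in compact else "http://" + compact)
        if shown != host_of(href):
            findings.append((href, "host-mismatch", "%s -> %s" % (shown, host_of(href))))
    return findings
```

Run `check_links(SAMPLE_HTML)` to see both warning signs raised for the first anchor and none for the second, which displays the same host it links to.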
