A service like Craigslist is bound to bring out some shady characters. I know that the few times I have listed something, I have received inquiries from prospective buyers willing to pay more than I was even asking if I would just agree to ship the item to them on faith first. Um, no.
Well, there is apparently a new kind of Craigslist spear phishing attack, but the attacker chose the wrong victim and now we all get to learn from the experience. A Microsoft security researcher was almost duped into surrending his Craigslist credentials.
Check out this Microsoft Malware Protection Center blog post for details of the attack, and how it was identified and avoided. The following are some basic guidelines from the blog post that you can use to avoid becoming a victim of a similar attack: