May 31 2011 5:02PM GMT

Craigslist Spear Phishing Attack Targets the Wrong Guy

Posted by: Tony Bradley

attack, Craigslist, malware, Microsoft, spear phishing

A service like Craigslist is bound to bring out some shady characters. I know that the few times I have listed something, I have received inquiries from prospective buyers willing to pay more than I was even asking if I would just agree to ship the item to them on faith first. Um, no.

Well, there is apparently a new kind of Craigslist spear phishing attack, but the attacker chose the wrong victim and now we all get to learn from the experience. A Microsoft security researcher was almost duped into surrending his Craigslist credentials.

Check out this Microsoft Malware Protection Center blog post for details of the attack, and how it was identified and avoided. The following are some basic guidelines from the blog post that you can use to avoid becoming a victim of a similar attack:

Verify the address you are visiting is indeed the intended address. For example, ensure you are not visiting cralgsIist.org thinking that it is craigslist.org.

Do not give out personal information just because an email asks you to, even if that email looks to be originating from a trusted source.

Report these types of attacks to the relevant abuse departments and complaints agencies.

Comment

RSS Feed

Email a friend

The Security Detail

Craigslist Spear Phishing Attack Targets the Wrong Guy

Comment on this Post

About This Blog

Browse This Blog’s Tags

Archives

Blog Roll

Subscribe to Alerts