The Security Detail

May 31 2011   5:02PM GMT

Craigslist Spear Phishing Attack Targets the Wrong Guy



Posted by: Tony Bradley
Tags:
attack
Craigslist
malware
Microsoft
spear phishing

A service like Craigslist is bound to bring out some shady characters. I know that the few times I have listed something, I have received inquiries from prospective buyers willing to pay more than I was even asking if I would just agree to ship the item to them on faith first. Um, no.

Well, there is apparently a new kind of Craigslist spear phishing attack, but the attacker chose the wrong victim and now we all get to learn from the experience. A Microsoft security researcher was almost duped into surrending his Craigslist credentials.

Check out this Microsoft Malware Protection Center blog post for details of the attack, and how it was identified and avoided. The following are some basic guidelines from the blog post that you can use to avoid becoming a victim of a similar attack: 

  • Verify the address you are visiting is indeed the intended address. For example, ensure you are not visiting cralgsIist.org thinking that it is craigslist.org.
  • Do not give out personal information just because an email asks you to, even if that email looks to be originating from a trusted source.
  • Report these types of attacks to the relevant abuse departments and complaints agencies.
  •  Comment on this Post

     
    There was an error processing your information. Please try again later.
    Thanks. We'll let you know when a new response is added.
    Send me notifications when other members comment.

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

    Forgot Password

    No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

    Your password has been sent to: