The Security Detail

May 31 2011   5:02PM GMT

Craigslist Spear Phishing Attack Targets the Wrong Guy

Tony Bradley Tony Bradley Profile: Tony Bradley

A service like Craigslist is bound to bring out some shady characters. I know that the few times I have listed something, I have received inquiries from prospective buyers willing to pay more than I was even asking if I would just agree to ship the item to them on faith first. Um, no.

Well, there is apparently a new kind of Craigslist spear phishing attack, but the attacker chose the wrong victim and now we all get to learn from the experience. A Microsoft security researcher was almost duped into surrending his Craigslist credentials.

Check out this Microsoft Malware Protection Center blog post for details of the attack, and how it was identified and avoided. The following are some basic guidelines from the blog post that you can use to avoid becoming a victim of a similar attack: 

  • Verify the address you are visiting is indeed the intended address. For example, ensure you are not visiting thinking that it is
  • Do not give out personal information just because an email asks you to, even if that email looks to be originating from a trusted source.
  • Report these types of attacks to the relevant abuse departments and complaints agencies.
  •  Comment on this Post

    There was an error processing your information. Please try again later.
    Thanks. We'll let you know when a new response is added.
    Send me notifications when other members comment.

    Forgot Password

    No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

    Your password has been sent to:

    Share this item with your network: