Debunking email hoaxes and exposing Internet scams since 2003!

Issue 100 - March 2010 - Page 14

Pages in this month's issue:
  1. Costa Rica Turtle Egg Harvest Protest Email
  2. Gordon Lightfoot Death Hoax
  3. Automation Labs Facebook Privacy Warning Hoax
  4. Indian Department of Revenue Tax Refund Scam
  5. Maroochydore High School Answering Machine Message Hoax
  6. National Health Anti-Fraud Association Complaint Scam Email
  7. Boy Shot By Step Dad Charity Hoax
  8. Facebook Gold Account Hoaxes
  9. Bank of America Software Upgrade Phishing Scam
  10. Immigration Quote Wrongly Attributed to Sir Edmund Barton
  11. False Rumours Claim That Facebook is About to Start Charging User
  12. Gordon Brown Smiling Virus Hoax
  13. Giant George - Huge Great Dane
  14. Craigslist Account Phishing Scam
  15. ATO Cut Off Taxes Program Phishing Scam Email
  16. Mercedes-Benz Test Questions Advance Fee Scam
  17. Check Out YouTube Request - Facebook Trojan Worm Warning

Craigslist Account Phishing Scam

Outline
Email, purportedly from online classifieds website Craigslist, claims that the recipient's Craigslist account has been blocked and he or she must follow a link in the message to confirm account details.



Brief Analysis
The message is not from Craigslist. It is a phishing scam designed to steal account information from Craigslist users. Those who follow the link will be taken to a bogus "login" webpage that can harvest their account credentials for the use of Internet scammers.

Example:
Subject: Important NOTICE: Registration Suspension

Important Craigslist Information

We recently have determined that different computers have logged into your account, and multiple password failures were present before the login. Therefore your account has been blocked. To avoid deletion of your Craigslist account please Sign In :
Click here to confirm your Craigslist account. [Link Removed]
Thanks,
Craigslist team

________________________________________

Copyright 2005-2010 Craigslist International Limited.




Detailed Analysis
[Screenshot: Craigslist bogus login page. This screenshot of the bogus login page shows how closely it resembles the genuine article.]

This email, which purports to be from popular online community and classified advertisements website, Craigslist, warns the recipient that his or her Craigslist account has been blocked because of multiple failed login attempts from different computers. It claims that, unless the user signs in to confirm his or her account via a link in the message, the account will be deleted.

However, the message is not from Craigslist and the claim that the user's account has been blocked is untrue. In fact, the email was sent by Internet criminals and is designed to steal Craigslist account information. Those who fall for the ruse and follow the link in the message will be taken to a bogus login webpage constructed to resemble the genuine Craigslist login. Given the rather bland and sparse appearance of Craigslist web pages, it is not at all difficult for scammers to duplicate them with a high degree of accuracy.

If a user is tricked into "logging on" to the bogus web page, his or her login details can then be easily collected by the criminals running the scam and subsequently used for their own nefarious purposes. Once the scammers have such login details, they are then able to access their victim's real Craigslist account and conduct fraudulent activities in his or her name. Craigslist has warned members about such phishing scams via a prominent note on the site's genuine login page. The note states:
WARNING: scammers may try to steal your username and password, by sending you an official-looking email with a link to a fake craigslist login page that looks like the page you're on now, hoping you'll type in your username and password. Look carefully at the web address near the top of your browser to make sure you are on the real craigslist login page,
https://accounts.craigslist.org

The safest way to login is go to the craigslist homepage directly by typing in the web address, and then clicking on the 'my account' link.

Many phishing scams follow very similar tactics to those described above. It is very common for phishing scam emails to claim that an account with the targeted company or financial institution has been blocked due to an unexpected problem or suspected fraud. Such emails generally instruct recipients to follow a link to a bogus website that can steal their account login details and, in many cases, personal information such as credit card numbers, social security numbers, bank account details, and contact information.

When operating such scams, criminals may randomly distribute many thousands or even millions of identical phishing emails like the one above in the hope of netting victims. Many more experienced recipients will be aware of such scams and will not be fooled. Many others will not even have an account with the targeted service or institution and will thus ignore the message as a mistake or not applicable. However, a few may hold accounts with the targeted service and also be unaware of how such scams operate. These few are the criminals' primary targets. Even if only a handful of people fall for each scam operation, the scam will pay off handsomely for the criminals responsible.

Internet users should be very cautious of any email that claims that there is a problem with their account and that they must follow a link in the message to submit information and restore account access.
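
The web-address check recommended in the craigslist note can also be applied automatically to the links inside a message before anyone clicks them. The following Python code is an added example, not part of the original article and not craigslist's own tooling; the function names, the sample message and its .example hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "craigslist.org"  # genuine login host: accounts.craigslist.org
# Constructed sample message; the .example hosts are placeholders, not real IoCs.
SAMPLE_EMAIL = """
<p>To avoid deletion of your Craigslist account please Sign In :</p>
<a href="http://accounts.craigslist.org.login-confirm.example/">Click here</a>
<a href="https://accounts.craigslist.org@phish.example/login">Confirm</a>
<a href="https://accounts.craigslist.org/login">my account</a>
"""


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def check_link(href, trusted=TRUSTED_DOMAIN):
    """Return the reasons a link should not be trusted (empty list = passes)."""
    try:
        parts = urlsplit(href.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ["unparseable URL"]
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        reasons.append("text before '@' is userinfo, not the host")
    # Match the exact domain or a true subdomain, never a mere substring/prefix.
    if host != trusted and not host.endswith("." + trusted):
        reasons.append(f"host {host!r} is not on {trusted}")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible look-alike characters)")
    return reasons


def audit_email(html_body):
    """Map each link found in the message to its list of warnings."""
    collector = LinkCollector()
    collector.feed(html_body)
    return {href: check_link(href) for href in collector.hrefs}
```

Calling audit_email(SAMPLE_EMAIL) passes only the third link; the first two show the genuine host name used as a prefix of another domain and as userinfo before an "@", both of which can look correct at a glance.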

For more information about phishing scams, see:
Phishing Scams - Anti-Phishing Information





References
craigslist: Account Log In Warning Note
Phishing Scams - Anti-Phishing Information
