








Craigslist Account Phishing Scam

Outline
Emails, purportedly from online classifieds website Craigslist, claim that the recipient's Craigslist account has been blocked and he or she must follow links in the messages to confirm account details.



Brief Analysis
The messages are not from Craigslist. They are phishing scams designed to steal account information from Craigslist users. Those who follow the links will be taken to a bogus "login" webpage that can harvest their account credentials for the use of Internet scammers.

Detailed analysis and references below example.





Last updated: 11th December 2011
First published: 30th January 2010
Article written by Brett M. Christensen


Examples:
Subject: Craigslist - Your account has been blocked

Pay attention and read carefully!

Your account has been temporarily suspended.

We recently reviewed your account, and we are suspecting that your Craigslist account may have been accessed from an unauthorized computer. . This may be due to changes in your IP address or location. Protecting the security of your account and of the Craigslist network is our primary concern. To protect your account please follow the instructions below:

* DO NOT SHARE YOUR PASSWORD WITH OTHER USERS
* LOG OFF AFTER USING YOUR ONLINE ACCOUNT

Please click on the following link, to verify your account activity:
[Link removed]

We apologize for any inconvenience this may cause, and appreciate your support in helping us maintaining the integrity of the entire Craigslist system. Please login as soon as possible..

Thank You.

Subject: Important NOTICE: Registration Suspension

Important Craigslist Information

We recently have determined that different computers have logged into your account, and multiple password failures were present before the login. Therefore your account has been blocked. To avoid deletion of your Craigslist account please Sign In :
Click here to confirm your Craigslist account. [Link Removed]
Thanks,
Craigslist team

________________________________________

Copyright 2005-2010 Craigslist International Limited.




Detailed Analysis
[Screenshot: Craigslist Bogus Login Page. This screenshot of the bogus login page shows how closely it resembles the genuine article.]

Emails that purport to be from the popular online community and classified advertisements website Craigslist warn the recipient that his or her Craigslist account has been blocked because of multiple failed login attempts from different computers or unauthorized access attempts. They claim that, unless the user signs in to confirm his or her account via a link in the message, the account will be deleted.

However, the messages are not from Craigslist and the claim that the user's account has been blocked is untrue. In fact, the emails were sent by Internet criminals and are designed to steal Craigslist account information. Those who fall for the ruse and follow the link in the messages will be taken to a bogus login web page constructed to resemble the genuine Craigslist login. Given the rather bland and sparse appearance of Craigslist web pages, it is not at all difficult for scammers to duplicate them with a high degree of accuracy.

If a user is tricked into "logging on" to the bogus web page, his or her login details can then be easily collected by the criminals running the scam and subsequently used for their own nefarious purposes. Once the scammers have such login details, they are then able to access their victim's real Craigslist account and conduct fraudulent activities in his or her name.

Craigslist has warned members about such phishing scams via a prominent note on the site's genuine login page. The note states:

WARNING: scammers may try to steal your username and password, by sending you an official-looking email with a link to a fake craigslist login page that looks like the page you're on now, hoping you'll type in your username and password. Look carefully at the web address near the top of your browser to make sure you are on the real craigslist login page,
https://accounts.craigslist.org

The safest way to login is go to the craigslist homepage directly by typing in the web address, and then clicking on the 'my account' link.

Many phishing scams follow very similar tactics to those described above. It is very common for phishing scam emails to claim that an account with the targeted company or financial institution has been blocked due to an unexpected problem or suspected fraud. Such emails generally instruct recipients to follow a link to a bogus website that can steal their account login details and, in many cases, personal information such as credit card numbers, social security numbers, bank account details, and contact information.

When operating such scams, criminals may randomly distribute many thousands or even millions of identical phishing emails like the ones above in the hope of netting victims. Many more experienced recipients will be aware of such scams and will not be fooled. Many others will not even have an account with the targeted service or institution and will thus ignore the message as a mistake or not applicable. However, a few may hold accounts with the targeted service and also be unaware of how such scams operate. These few are the criminals' primary target. Even if only a handful of people fall for each scam operation, the scam will pay off handsomely for the criminals responsible.

Internet users should be very cautious of any email that claims that there is a problem with their account and that they must follow a link in the message to submit information and restore account access.

For more information about phishing scams, see:
Phishing Scams - Anti-Phishing Information



References
craigslist: Account Log In Warning Note
Phishing Scams - Anti-Phishing Information
