Wednesday, September 14, 2011

Craigslist Scam #1

I came across a simple yet interesting Craigslist scam this week.  The scam appears to start with your email address being scraped from a Craigslist ad that you've posted. (I am currently investigating why a Google result exposes an email address that was supposed to be anonymized by Craigslist.)  Since the scammer knows you've posted on Craigslist, a targeted email is sent to the scraped address that looks like this in the inbox:


Drilling down ...
Uh, oh! In a panic, I'd better investigate why my ever-so-important Craigslist account has been suspended. 

Wait, what's this?  If I hover over the Login link, what do I find? Hmmm ...  I wasn't expecting to see that URL.

Manually navigating to pw2.ro/808 in a virtual desktop environment, I am redirected to cltos-change.ucoz.org/secure/survey/1/:


Whew! I'm back at Craigslist.  Or am I?  

How many times will you enter your UN and PW before you figure out you've been pwned?

At the time of this writing, trustedsource.org and senderscore.org have nothing negative to say about either of the URLs I posted, so they don't yet have a bad reputation.  
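Since reputation lookups came back clean, a structural check is what catches this one: the visible "Login" link points somewhere other than the brand the message claims to be from, and the redirect chain lands on a host that is not under craigslist.org. The script below is an added example, not code from the post. The HTML body and the redirect map are constructed for the demonstration (the two hostnames are the ones mentioned above); a live checker would replace the map with HEAD requests sent with redirects disabled, reading each Location header, so that no landing page is ever rendered.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample of the kind of HTML body described in the post (not the real email).
CONSTRUCTED_EMAIL_HTML = (
    "<p>Your craigslist account has been suspended.</p>"
    '<p>Please <a href="http://pw2.ro/808">Login</a> to restore access.</p>'
)

# Constructed redirect map standing in for live HTTP 3xx responses; a live checker would
# send HEAD requests with redirects disabled and read each Location header instead.
CONSTRUCTED_REDIRECTS = {
    "http://pw2.ro/808": "http://cltos-change.ucoz.org/secure/survey/1/",
}

EXPECTED_DOMAIN = "craigslist.org"  # the brand the message claims to be from


class LinkExtractor(HTMLParser):
    """Collect (anchor text, href) pairs so the visible text can be compared with the target."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def extract_links(html):
    parser = LinkExtractor()
    parser.feed(html)
    return parser.links


def follow_chain(url, resolver, max_hops=10):
    """Return every URL in the redirect chain without fetching or rendering page bodies."""
    chain = [url]
    for _ in range(max_hops):
        nxt = resolver(chain[-1])
        if nxt is None:
            return chain
        chain.append(nxt)
    raise RuntimeError("redirect loop or chain longer than %d hops" % max_hops)


def on_expected_domain(hostname, expected=EXPECTED_DOMAIN):
    host = (hostname or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)


def assess_link(href, resolver=CONSTRUCTED_REDIRECTS.get):
    """Follow the link's redirects and report whether it really lands on the expected brand."""
    chain = follow_chain(href, resolver)
    hosts = [urlsplit(u).hostname or "" for u in chain]
    return {
        "chain": chain,
        "final_host": hosts[-1],
        "lands_on_expected": on_expected_domain(hosts[-1]),
        # Hops that are neither the claimed brand nor the final landing page.
        "intermediate_hosts": [h for h in hosts[:-1] if not on_expected_domain(h)],
    }


def assess_email(html, resolver=CONSTRUCTED_REDIRECTS.get):
    """Flag every link whose landing host is not under the claimed brand's domain."""
    findings = []
    for text, href in extract_links(html):
        result = assess_link(href, resolver)
        if not result["lands_on_expected"]:
            findings.append({"text": text, **result})
    return findings


if __name__ == "__main__":
    for finding in assess_email(CONSTRUCTED_EMAIL_HTML):
        print("suspicious link %r lands on %s via %s"
              % (finding["text"], finding["final_host"], " -> ".join(finding["chain"])))
```

The domain test is a suffix match against the claimed brand, so a host that merely contains the brand name (or an abbreviation of it) somewhere else in the name still fails, which is exactly the case the hover-over revealed.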

The best approach to protecting yourself is a combination of education and a technology safety net.  Be careful out there!
