Beware of Craigslist phishing email scams

Graham Cluley
@gcluley

It came out of the blue. An email telling me that my listing for a “Sony PlayStation 3 Metal Gear Solid 4 PS3 80GB bundle” had been posted on the Singapore branch of Craigslist.

This was a surprise for me for several reasons. One is that I haven’t been to Singapore for over a year, another is that I’ve never used Craigslist in my life, and finally – and perhaps most importantly – I don’t own a PlayStation 3. (I’m a Nintendo Wii fan).

But I’m just one of many people who were probably sent this email and some – no doubt – might be curious enough to click on the link to see what on earth this email is about.

And if you did click on the link then you would be taken to a webpage that looks as stark and barren as the real Craigslist login page:

But, of course, it isn’t the real Craigslist page that you have arrived at, and if you do enter your username and password your details will be spirited away by hackers who will use your identity for their own nefarious purposes.

Remember -…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.