Beware of Craigslist phishing email scams

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

It came out of the blue. An email telling me that my listing for a “Sony PlayStation 3 Metal Gear Solid 4 PS3 80GB bundle” had been posted on the Singapore branch of Craigslist.

This was a surprise for me for several reasons. One is that I haven’t been to Singapore for over a year, another is that I’ve never used Craigslist in my life, and finally – and perhaps most importantly – I don’t own a PlayStation 3. (I’m a Nintendo Wii fan).

Craigslist phishing email

But I’m just one of many people who were probably sent this email and some – no doubt – might be curious enough to click on the link to see what on earth this email is about.

Sign up to our free newsletter.
Security news, advice, and tips.

And if you did click on the link then you would be taken to a webpage that looks as stark and barren as the real Craigslist login page:

Craigslist phishing webpage

But, of course, it isn’t the real Craigslist page that you have arrived at, and if you do enter your username and password your details will be spirited away by hackers who will use your identity for their own nefarious purposes.

Remember – it’s not just the online banks, eBay and PayPal who have phishers targeting their users. There are many other sites hungry for your passwords and identities.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.