Phishing: stealing accounts, passwords, or financial information by masquerading as a trusted party.
Phishers may send you an official looking email with a link to a real looking (but fake) craigslist site.
If you type your login and password into the fake CL site, the phisher can take over your account and use it to post scam ads on CL.
How phishing works:
1. You receive a supposedly official email from craigslist, asking you to confirm your password, username, phone number, or credit card information.
- This email may threaten you with the removal of your posts or the closure of your account if you do not comply immediately.
- If the sender is using email spoofing, the message may appear to come directly from craigslist.
2. You click the link in the email and are taken to a fraudulent third-party site that may resemble a legitimate craigslist page.
3. You may be asked to download an attachment, install specific software, or receive a message to your phone.
4. You enter your login information on the fraudulent page, inadvertently providing it to a third party.
5. The third party scammer can then use the information you provided to gain access to your actual craigslist account.
How to avoid phishing attempts and protect your account information
- Never click on email links that ask you for any personal or account information.
- Make sure to login to your account only by navigating manually to craigslist.org.
- If you are unsure about the status of your account or your posts, the safest way to check is to go directly to craigslist.org and login.
- If you do not see any problems within your account, you can safely ignore any messages to the contrary.
- Never provide a phone authentication code to anyone else.
- craigslist will only ask for you to enter it on our site as part of the posting process.
- Use common sense. If an email seems suspicious, fishy, or too good to be true. . . it probably is!
Think you've been phished?
If you use the same password for your email account (or any other services), you may want to change those passwords as well.
Examples of common phishing emails
Each message below is an example of a fraudulent message sent to craigslist users.
Attention Craigslist User,
My name is James Burritt, Ceo of Craigslist. We have recently partnered up with Apple regarding a one-time promotional event today, we are giving away complimentary Apple iPhones and iPads to randomly selected individuals who have submitted an advert on C-list. You have been picked as one of our most recent winners for today. We randomly select numbers to match up with ads on Craigslist and your advertisement matched with our latest drawing. We have partnered up with Apple to advertise their hottest product yet, the Apple iPhone and iPad. Once again, we are running this promotion for one-day only. All you need to do is CLICK HERE to visit our web site made for this promotion and fill out this short survey to get yours for free. Simply make sure you enter your email so we can locate our records to guarantee that we have reserved one for you. That is it!
Congrats on winning a free Apple iPhone4 and iPad2. In case you have any query or concerns, feel free to email me back. However, you should claim your free iPhone and iPad 1st to ensure one will be set-aside for you before the deadline ends. We do understand that you may not receive this email until after the deadline, but, we advise you check out the website and enter your email to see if we still have got yours on hold, which we often-times do because others have not claimed theirs in time. James Burritt CEO, Craigslist
Download the attachment and follow the instructions to REACTIVATE your POSTING.
Sorry for the inconvenience, and thanks for your understanding.
Thanks for using craigslist!
If you do not respond within 24 hours your account will be deleted and you will not be able to use craigslist for the next 6 months.
WARNING!! *** WARNING!! *** WARNING!! *** WARNING!!
Our system flagged your account from our data base and will remove it in 24 hours unless you complete the Phone verified craigslist accounts.
Click on the link bellow and enter your Phone to get craigslist account verified:
[fraudulent link goes here]
If not clickable, please copy and paste the address to your browser
Thanks for using craigslist!