Account Update Notice – Craigslist Fraud

While spam volumes may be down, the Phishing fraud’s continue in high volume with Craigslist.org users being highly favored targets.

Look for these spam emails to trap unsuspecting users:

Subject:     Account Update Notice
From:     “craigslist” <help@craigslist.org>

While they spoof  “help@craigslist.org” as the sending address, most that we’ve reviewed have come from various hijacked Earthlink accouts:

from elasmtp-banded.atl.sa.earthlink.net ([209.86.89.70])
from elasmtp-scoter.atl.sa.earthlink.net ([209.86.89.67])

Here’s a complete copy of one of these “Account Update Notice” frauds:

Account Update Notice - Craigslist Fraud

Click for Larger Image

In a nutshell, the email’s main warning that’s used to get your attention is this:

According to our records, your account has violated our site policies.

The rest of the email attempts to drive you to log into your Craigslist account:

https://accounts.craigslist.org/

And, if you follow the link, you’ll see this page below:

Craigslist Phishing Fraud Landing Page

Click for Larger Image

 

But the fact is you’re looking at a Phishing Fraud landing page that the spammer is using to steal any username/passwords that visitors are willing to share.

While many servers are used to perpetrate this fraud, the screen capture above come from http://craigslist.x10.bz/l0g_in/

In a clever twist, after capturing your login information, you’ll then be redirected to the real https://accounts.craigslist.org/ site.

The purpose of this last bit is to trick you into believing that your first login attempt simply failed, making it less likely you’ll realize you’ve just given your username and password to some spammer, likely on the other side of the world.

 

- -

OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.

Tags: , , , ,

Comments are closed.