craigslist.org: Account Temporarily suspended – Fraud

Stealing Craigslist usernames and passwords is becoming increasingly popular among Internet spammers and hackers.

The latest campaign warns of account suspension in order to get the recipient’s attention:

Subject:     craigslist.org: Account Temporarily suspended
From:     “craigslist.org” <noreply@craigslist.org>

Though the message actually comes from hijacked Yahoo email accounts (from nm11-vm0.bullet.mail.ac4.yahoo.com), the email itself is a pretty good approximation of a legitimate Craigslist notification:

Craigslist.org Account Temporarily Suspended - Fraud


The bait here is that this email claims that your account “needs to be authenticated by phone” which sounds harmless enough.

The problem is that the link for “Go To Phone Authentication” actually leads you to a Phish Bait site, designed to accurately mimic a legitimate Craigslist login page:

Craigslist Phishing Page


Overall the quality of this Phishing campaign is quite good. The initial email is convincing enough, and the landing page is a very good representation as well.

A few extra touches will likely make this a more successful Phishing expedition than most:

  • In order to help evade spam filtering, the initial email not only includes the recipient’s email address within the body of the message, but also contains between 50 and 100 randomly generated words that are not visible to the human reader but are embedded to confuse filtering systems.
  • The landing page contains several legitimate links and a very nice CAPTCHA form that is just as irritating and annoying as those used by legitimate Craigslist pages.
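
The two signals described above (a craigslist.org From address on mail relayed through Yahoo, and a block of invisible filler words) can be checked mechanically. The following is an added example, not code from the original post or from OnlyMyEmail's filter; the sample message is constructed, and the CSS hiding tricks it looks for are an assumption, since the post does not say how the words were hidden.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Assumed hiding tricks (the post does not say which one the campaign used).
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link"}  # tags with no closing tag

class HiddenWordCounter(HTMLParser):
    """Counts words inside elements hidden by an inline style."""
    def __init__(self):
        super().__init__()
        self.stack, self.hidden_words = [], 0  # stack: is each open element hidden?
    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            style = dict(attrs).get("style") or ""
            inherited = bool(self.stack) and self.stack[-1]
            self.stack.append(inherited or bool(HIDDEN.search(style)))
    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()
    def handle_data(self, data):
        if self.stack and self.stack[-1]:
            self.hidden_words += len(data.split())

def analyze(raw, threshold=50):
    """Flag mail whose relays do not match the From domain and that hides filler text."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hosts = re.findall(r"\bfrom\s+([\w.-]+)", " ".join(msg.get_all("Received") or []))
    mismatch = bool(from_domain and hosts) and not any(
        h.lower() == from_domain or h.lower().endswith("." + from_domain) for h in hosts)
    counter = HiddenWordCounter()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            counter.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    return {"from_domain": from_domain, "relay_hosts": hosts, "relay_mismatch": mismatch,
            "hidden_words": counter.hidden_words,
            "suspicious": mismatch and counter.hidden_words >= threshold}

# Constructed sample: headers follow the post, the HTML body is invented for the demo.
SAMPLE = (
    "Received: from nm11-vm0.bullet.mail.ac4.yahoo.com by mx.example.net\n"
    'From: "craigslist.org" <noreply@craigslist.org>\n'
    "Subject: craigslist.org: Account Temporarily suspended\n"
    'Content-Type: text/html; charset="us-ascii"\n\n'
    "<html><body><p>Your account needs to be authenticated by phone.</p>\n"
    '<div style="display:none">' + " ".join(f"w{i}" for i in range(60)) + "</div>\n"
    "</body></html>\n")

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The relay comparison is only a heuristic, because Received headers other than the one added by your own server can be forged; SPF, DKIM and DMARC results remain the authoritative sender checks.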

Overall, this latest Craigslist Phishing fraud is a step above average and can reasonably be expected to generate much better than average results when it comes to successfully tricking legitimate users into voluntarily surrendering their Craigslist account information.

- -

OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.


3 Responses to “craigslist.org: Account Temporarily suspended – Fraud”

  1. bindar says:

    Have received TWO from address to try and get me to sign up for Internet dating service and it uses the CRAIGSLIST.org email address.

  2. James Clark says:

    I received the account suspended due to fraud notice. Thinking it was legit I followed the link and now there is an ad for an Audi car that I DID NOT POST so how do I get this freakn hacker so I can get my ads published again. I have not received 1 call from either ad?

    Please tell me what I need to do?

    Thanks
    James

  3. Unfortunately we’ve had zero luck getting anyone at Craigslist.org to respond to any type of customer request.

    We’ve tried multiple times on several issues, and it seems they just can’t be bothered.

    As such, all we can do is suggest you contact their support dept, but we do so with the knowledge that you’ll not likely receive any type of reply (beyond an auto-reply, and that’s only a maybe).

    Sorry we can’t offer any better advice.