If you use Craigslist - watch out for this scam!
I know a lot of you have strong opinions about craigslist-- some people think it's a great avenue for real estate marketing, others think it's nothing but a whack-a-doodle magnet. But here's something to keep an eye open for. The latest Internet scam designed to steal your craigslist login and password!
When I logged into my account this morning to post an ad, I saw this warning:
No worries -- I'm not easily taken by scams. I didn't even really read it. I posted an ad for a property that had a recent price adjustment and went on my way. I even included a YouTube video link, thanks to Ryan Shaughnessy and his post TECHNOLOGY TIP - EMBEDDING YOUTUBE AND OTHER VIDEOS IN YOUR CRAIGSLIST AD.
So when I received this email a little bit later:
Your craigslist account is suspended !
craigslist.org noreply@craiglist.org
Important Information :
CRAIGSLIST TERMS OF USE We reserve the right, at our sole discretion, to change, modify or otherwise alter your account at any time. Therefore your account has been blocked.
To avoid deletion of your Craigslist account please Sign In:
http://newyork.craigslist.org/=
Thank you,
Craigslist team
I was genuinely concerned, because I had just done something on craigslist! Luckily, I stopped to think for a second. And looked at the link. It LOOKS like it goes to craigslist, but in reality takes you to http://craiglistwebconf.50webs.com/login.html-- where you are presented with a very realistic looking craigslist login box. But look at that address again! 50webs.com? That's not craigslist! If you were to put your login and password in, you would have just given personal information to a scammer!
Beware of this one because it uses cookies to hide it's tracks (after going there once, it then takes you to the real craigslist). Here are some hints for suspected phishing scams:
- Most reputable web sites don't send emails with dire warning and a link.
- I you do get a dire warning from someone you do business with, don't click on the link in the email! Open you browser and manually type in the address you know that goes to the web site.
- Call the company's customer service line if they have one and ask about the email you recieved to see if it's genuine
- Think a login screen is a fake? Try logging in with a made-up login/password combination. If it's a phishing scheme, it usually will just take you to another fake page.
- ALWAYS look at the web address links take you to. If there is a name you don't recognize before the .com, .net, .org, etc., STOP!
Please be vigilant -- the Internet can be a scary place!
Comments(8)