Scammers are targeting Craigslist users again – this time with a phishing page that tries to trick users into believing it’s legitimate by containing a warning about phishing pages.
Unfortunately, the warning contains deliberately misleading information, intended to make the user set aside his potential misgivings about its off-looking URL and enter his login credentials.
Actually, the page in question is a nearly perfect copy of the legitimate Craigslist login page.
As you may notice, the phishing page contains a modified URL in the screenshot, and an additional “explanation” of what part of it represents. But careful users might be tipped off by the discrepancy between the two URLs (https/http), and also by the phisher’s failure to modify the URL in the second paragraph.
“The phisher is hiding the phishing page behind two other domains: URL shortener(s) redirect to different pages on free hosting sites which then redirect to the phishing page,” adds Julien Sobrier. “It is a ‘smart’ redirection in the sense that real users are redirected to the phishing page whereas URL shorteners are served with a regular page that looks legitimate. Even if the URL shorteners use a blacklist to prevent abuse, they cannot apply it on the real final destination.”
Your best bet for avoiding falling for this kind of trick is not to follow links offered in emails – even when they look legitimate.
Spend an extra couple of seconds of your time and type in the correct URL yourself (if you know it), follow the bookmark for the page (if you have one), or use a search engine to find the site. If you have used the correct name of the site, chances are high that the first search result will be the one you’re looking for.
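The “smart” redirection Sobrier describes can be spotted from the defender’s side by resolving the same link under two client profiles and comparing where each one ends up. The sketch below is an added example, not part of the original article: the `.example` hostnames, the in-memory `FAKE_WEB` table and the premise that the intermediate page tells clients apart by their request profile are all constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample data: (url, client profile) -> (status, Location or None).
# Hostnames use the reserved .example TLD; none of them come from the article.
FAKE_WEB = {
    ("http://short.example/a1", "browser"): (301, "http://freehost.example/p/1"),
    ("http://short.example/a1", "scanner"): (301, "http://freehost.example/p/1"),
    ("http://freehost.example/p/1", "browser"): (302, "http://login-check.example/signin"),
    ("http://freehost.example/p/1", "scanner"): (200, None),  # benign-looking page
    ("http://login-check.example/signin", "browser"): (200, None),
    ("http://short.example/b2", "browser"): (301, "https://shop.example/"),
    ("http://short.example/b2", "scanner"): (301, "https://shop.example/"),
    ("https://shop.example/", "browser"): (200, None),
    ("https://shop.example/", "scanner"): (200, None),
}

def fake_fetch(url, profile):
    """Stand-in for an HTTP GET that does not follow redirects itself."""
    return FAKE_WEB.get((url, profile), (404, None))

def resolve_chain(url, profile, fetch=fake_fetch, max_hops=10):
    """Follow HTTP redirects hop by hop and return every URL visited."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(chain[-1], profile)
        if status not in (301, 302, 303, 307, 308) or not location:
            break
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in chain:                    # redirect loop, stop here
            break
        chain.append(nxt)
    return chain

def check_cloaking(url, fetch=fake_fetch):
    """Compare the chain a browser-like client sees with the one a scanner sees."""
    as_browser = resolve_chain(url, "browser", fetch)
    as_scanner = resolve_chain(url, "scanner", fetch)
    hosts = lambda chain: {urlsplit(u).hostname for u in chain}
    return {
        "browser_final": as_browser[-1],
        "scanner_final": as_scanner[-1],
        "cloaked": as_browser[-1] != as_scanner[-1],
        # Hosts only the browser profile reaches: these never get checked
        # by a blacklist that sees only the scanner's view of the chain.
        "hidden_hosts": sorted(hosts(as_browser) - hosts(as_scanner)),
    }
```

Only HTTP-level redirects are followed here; a page that redirects through meta refresh or script would need its body inspected as well.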