What's this fake Craiglist posting confirmation all about?
I'm confused. I received a bunch of different emails from Craigslist that are posting confirmation receipts for things I actually haven't put up for sale on Craigslist. I clicked on the link to see what was going on and all I got was a "loading" message, and it wasn't even on the craigslist.com domain. What's it all mean, Dave? Is this some sneaky Craigslist phishing attack from some cybercriminals, or a script virus or what?
Okay, we've gone through this before plenty of times. If you get an email that seems at all odd or inexplicable, you really need to make the assumption that it's a scam or hustle of some sort and not click on the links. Sometimes it's pretty obvious what's going on, like a notification of your account being suspended from an organization you aren't even associated with, like a bank.
Other times, however, it is possible, albeit not likely, that the email is legitimate. I mean, it sounds like you have listed at least one thing on Craigslist at some point in your life, so you weren't unfamiliar with the email that was sent. And that, of course, is the game that all these cybercriminals, hackers, bad guys, whatever you want to call them, are playing. It's just as easy to send 500,000 messages as 50, so if there's even a 1% chance that a recipient will find it legit, they could get hundreds or thousands of people to click on their links.
If it's a phishing attack, the resultant page will look legit and have some believable error message on it like "Please log in before proceeding..." and then if you're not paying attention, you enter your account and password. An error ensues "Validated. Please enter again to confirm" and it then switches you to the real site. You blissfully proceed, never realizing that the first of those login screens was just some PC in a basement somewhere, harvesting account credentials. Ugh.
Worse, though, are when they're script attacks because then you don't see anything particularly problematic, just a "working" or "confirmed" or similar message. Done. No worries. Right?
Let's dig into this particular attack and you'll see what's going on. And then regret clicking on that link and, yes, it's time to run some antivirus scanner!
First off, here's one of the many bogus Craigslist messages I've received:
Looks pretty legit, doesn't it? Even to the friendly "if you're experiencing problems" section.
I didn't, of course, actually post that I have a screwdriver set for sale. I don't even own a screwdriver set, let alone a "screwdrivers kit". Hmmm....
Moving my cursor over the link reveals what's going on:
The domain "mainart.cn" is most assuredly not a part of Craigslist, so it's very odd. Still, as a scientist, I'll go ahead and click on it anyway, to see what happens.
It takes me to a page that shows this:
The item posting ID is wrong and the name of the item listed is wrong, but that's not the issue. The issue is "what's going on while it says "please wait...?"
As a first step, I simply went to the top level http://www.mainart.cn/ site, which shows this:
It appears to be a service where they make paintings out of photographs. Okay. I'm 99.9% sure that it's a legit business and they have no idea that there's this nefarious code hanging off their site, actually.
The fact that it says "100% Safe" is just irony, I suppose.
Back to the page that the bogus email sent us to, the answer is revealed when I View Source on the page:
Ahhhh.... that is most assuredly not good. Not good at all. The script is obfuscated so it's not easily read (I chopped out about thirty lines of digits, btw) and it's doing something suspicious to any user who is daft enough to click on the link.
Probably, it's a virus being injected into the system.
So while you're waiting for the posting to "load", the page is actually pushing a virus onto your system. Yikes.
I'll say it again, gang. Do not click on links from messages that are even the slightest bit suspicious or odd. It's way too dangerous.
Oh, and you really need to scan your system for viruses. Good luck.
More Useful Computer and Internet Basics Articles:
✔ How do I blur my house on Google Maps Street View?
I was poking around on Google Maps looking at satellite views of my neighborhood and when I switched to street view, was upset...✔ Create a custom vanity URL for Kickstarter?
I was reading some updates on Twitter and saw someone had posted a URL that would let me see what projects they'd backed...✔ Export or Save Subscription List from Google Reader?
Just heard that Google Reader is going away this summer. That stinks! How am I supposed to read my RSS feeds? More importantly,...✔ Shrink or Reduce a Photo File Size on Mac?
I'm trying to upload some photos to a social media site and it's complaining that they're too big. They are, as they come...✔ Can I organize my Yahoo Mail with folders?
I've been on Yahoo Mail for years and while most of my friends are now on Gmail or their own Web-based email programs,...
Let's stay in touch!
Sign up for my weekly AskDaveTaylor Newsletter and you'll receive even more tech and gadget help right to your inbox, along with exclusive news and industry updates. It's good stuff. I promise!
I do have a comment, now that you mention it!
Check This Out Too...
Look for Answers
All Our Categories
Apple iPad Help
Articles and Reviews
Auctions and Online Shopping
Blogs and Blogging
Building Web Site Traffic
Business and Management
Computer and Internet Basics
d) None of the Above
Google Gmail Help
Google Plus Help
Industry News and Trade Shows
iPhone and Cell Phone Help
iPod, Sony PSP and MP3 Player Help
Kindle Fire Help
Mac OS X Help
Pay Per Click (PPC) Advertising
Search Engine Optimization (SEO)
Shell Script Programming
Tech Support Video Help
The Writing Business
Twitter, LinkedIn and Social Network Help
Unix and Linux Help
Video Game Tips and Help
Windows PC Help
Find Me on Google+
ADT on G+