Okay, we've gone through this before plenty of times. If you get an email that seems at all odd or inexplicable, you really need to make the assumption that it's a scam or hustle of some sort and not click on the links. Sometimes it's pretty obvious what's going on, like a notification of your account being suspended from an organization you aren't even associated with, like a bank.
Other times, however, it is possible, albeit not likely, that the email is legitimate. I mean, it sounds like you have listed at least one thing on Craigslist at some point in your life, so you weren't unfamiliar with the email that was sent. And that, of course, is the game that all these cybercriminals, hackers, bad guys, whatever you want to call them, are playing. It's just as easy to send 500,000 messages as 50, so if there's even a 1% chance that a recipient will find it legit, they could get hundreds or thousands of people to click on their links.
If it's a phishing attack, the resultant page will look legit and have some believable error message on it like "Please log in before proceeding..." and then if you're not paying attention, you enter your account and password. An error ensues "Validated. Please enter again to confirm" and it then switches you to the real site. You blissfully proceed, never realizing that the first of those login screens was just some PC in a basement somewhere, harvesting account credentials. Ugh.
Worse, though, are when they're script attacks because then you don't see anything particularly problematic, just a "working" or "confirmed" or similar message. Done. No worries. Right?
Wrong.
Let's dig into this particular attack and you'll see what's going on. And then regret clicking on that link and, yes, it's time to run some antivirus scanner!
First off, here's one of the many bogus Craigslist messages I've received:
Looks pretty legit, doesn't it? Even to the friendly "if you're experiencing problems" section.
I didn't, of course, actually post that I have a screwdriver set for sale. I don't even own a screwdriver set, let alone a "screwdrivers kit". Hmmm....
Moving my cursor over the link reveals what's going on:
The domain "mainart.cn" is most assuredly not a part of Craigslist, so it's very odd. Still, as a scientist, I'll go ahead and click on it anyway, to see what happens.
It takes me to a page that shows this:
The item posting ID is wrong and the name of the item listed is wrong, but that's not the issue. The issue is "what's going on while it says "please wait...?"
As a first step, I simply went to the top level http://www.mainart.cn/ site, which shows this:
It appears to be a service where they make paintings out of photographs. Okay. I'm 99.9% sure that it's a legit business and they have no idea that there's this nefarious code hanging off their site, actually.
The fact that it says "100% Safe" is just irony, I suppose.
Back to the page that the bogus email sent us to, the answer is revealed when I View Source on the page:
Ahhhh.... that is most assuredly not good. Not good at all. The script is obfuscated so it's not easily read (I chopped out about thirty lines of digits, btw) and it's doing something suspicious to any user who is daft enough to click on the link.
Probably, it's a virus being injected into the system.
So while you're waiting for the posting to "load", the page is actually pushing a virus onto your system. Yikes.
I'll say it again, gang. Do not click on links from messages that are even the slightest bit suspicious or odd. It's way too dangerous.
Oh, and you really need to scan your system for viruses. Good luck.
Sign up for my weekly AskDaveTaylor Newsletter and you'll receive even more tech and gadget help
right to your inbox, along with exclusive news and industry updates. It's good stuff. I promise!
Thanks for the info. That's wild.