Staying safe when selling on Craigslist

Selling items on Craigslist can be an easy way to clean out the clutter and make some extra cash, but the online marketplace isn't always the safest place to buy and sell, as Craigslist itself warns users. To demonstrate the hazards and gain some attention for its name and services, the anti-virus and security company CyberDefender, staged what it called a "sting" operation on Aug. 3.

Cyber Defender placed ads in six Craigslist categories. Four of the ads received responses from phishing operations, each trying to trick the advertiser into revealing its private account information. Some of the responses arrived withing 24 hours of the ads' placement.

Typically, the phishing e-mails would direct the advertiser to a fake Craigslist web page in which they were instructed to enter the account information to confirm the their identity and/or ownership of the advertised items. With the private information collected, the phishing outfit would then follow up with a deluge of phishing attempts seeking eBay and PayPal login information, according to Achal Khetarpal, Director of CyberDefender Research Labs.
Below is an example of a fake Craigslist login page. Notice that the web address ends in instead of as it should.

Craigslist scams, like many online phishing attacks, aren't limited to taking your account information. They may also ask for personal information such as a Social Security number, or bank or credit card information, under the pretense of processing payment.

Khetarpal offers these tips for staying safe on Craigslist.
  • Never click on any links in emails asking you to log into your Craigslist account. Instead, go to directly to access your account.
  • Always use an email address created specifically for your Craigslist postings. You will be able to identify suspicious e-mails this way.
  • Do not click on any links that potential buyers send to you If you get an e-mail asking for financial information, delete it right away.
  • Only deal with local buyers. Scams involving supposed international buyers claiming they will wire the seller money for the item are still popular.
  • Always be on the look out for "job" posting that seem too good to be true. Cyber-criminals often use these job boards to try and recruit money mules to launder illicit funds.
  • Use an anti-phishing plug-in for your browser to help protect you from scams.
Many new web browsers feature built-in phishing protection that will alert you when it detects that a web site is trying to pretend to be something it is not. Even with plug-ins and modern browsers you should still exercise common sense when doing business online.

Khetarpal also recommends that if you believe you have been the victim of a scam that you file a complaint with the Federal Trade Commission at
Read Full Story