The Number of Phishing Emails Impersonating Craigslist Is Growing

  • Craigslist Gsuite & Microsoft users are being targeted with phishing emails that present a fake user login page.
  • These emails rely on brand impersonation and abuse of cloud and web resources.
  • Using tainted links in emails, they can also install various types of malware.

Craigslist has become a place for hackers to get the email addresses of the website’s users and send them phishing emails. These often contain brand impersonation, such as DocuSign, Microsoft, and Norton to suggest safety and make targets trust them, and sent fake Craigslist violation emails to lead victims to a malware download link eventually.

One such email prompted a user to click a compromised link citing “inappropriate content” and terms of use violation.

source: inky

The compromised link given in the email led to an uploaded Microsoft OneDrive document hosting a “Download” button for filling an adjoined form and sending it over to violations@craiglist.org. This form also hosts fake antivirus and antimalware signs so users can get duped into trusting them.

source: inky

Users often get tricked because the emails are sent using Craigslist domains, in this case, IP address 208.82.237.105, but are not directly sent by the website’s owner or admin systems.

source: inky

However, researchers discovered the link led to a Russian domain (myjino[.]ru). Plus, the download itself is a compromised document “form_1484004552-10012021.xls,” already flagged by public cybersecurity advisors online.

source: inky

Even though DocuSign does not have a service called “DocuSign Protect Service," this name was used to inspire trust adding the Norton and Microsoft logos as well. The brand noticed this misuse in November 2020, and it was posted in the alerts section of its website.

If unsuspecting targets go the distance with this malware, then they could have remote access tools covertly installed on their devices. They could also be subjected to a ransomware attack, Emotet-based email breach, log-in details exfiltration, keylogger installation, etc. Craiglist users are advised to exercise caution regarding all such emails and use only authenticated sources for processing user-related issues.

REVIEW OVERVIEW

Latest

Will There Be a Money Heist Season 6 on Netflix?

As Money Heist came to an end on December 3, it left fans wondering what would happen next. Even though this was...

How to Watch Atlanta Hawks Games Online Without Cable

The Atlanta Hawks are one of the most exciting teams in the NBA, with a great core of talented young players and...

Android Users Now Have Access to Google Photos’ Locked Folder

The Google Photos 'Locked Folder' is rolling out to Android and older Pixel devices that didn't get it at launch.This feature lets...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari