The Number of Phishing Emails Impersonating Craigslist Is Growing

By Supriyo Chatterji / October 26, 2021

Craigslist has become a place for hackers to get the email addresses of the website’s users and send them phishing emails. These often contain brand impersonation, such as DocuSign, Microsoft, and Norton to suggest safety and make targets trust them, and sent fake Craigslist violation emails to lead victims to a malware download link eventually.

One such email prompted a user to click a compromised link citing “inappropriate content” and terms of use violation.

source: inky

The compromised link given in the email led to an uploaded Microsoft OneDrive document hosting a “Download” button for filling an adjoined form and sending it over to This form also hosts fake antivirus and antimalware signs so users can get duped into trusting them.

source: inky

Users often get tricked because the emails are sent using Craigslist domains, in this case, IP address, but are not directly sent by the website’s owner or admin systems.

source: inky

However, researchers discovered the link led to a Russian domain (myjino[.]ru). Plus, the download itself is a compromised document “form_1484004552-10012021.xls,” already flagged by public cybersecurity advisors online.

source: inky

Even though DocuSign does not have a service called “DocuSign Protect Service," this name was used to inspire trust adding the Norton and Microsoft logos as well. The brand noticed this misuse in November 2020, and it was posted in the alerts section of its website.

If unsuspecting targets go the distance with this malware, then they could have remote access tools covertly installed on their devices. They could also be subjected to a ransomware attack, Emotet-based email breach, log-in details exfiltration, keylogger installation, etc. Craiglist users are advised to exercise caution regarding all such emails and use only authenticated sources for processing user-related issues.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari