Craigslist has been a popular site over the years for people to buy and sell things and look for services. While its user base has steadily been dropping over the last few years, many people still use it. Tap or click here for the best app for finding someone to paint your house, clean up your lawn or take on a bigger renovation project.
Now cybercriminals have found a clever way to target Craigslist users. And it’s not fake designer items to watch for. It’s an ingenious system to infect your device with malware.
A recent investigation by a cybersecurity company revealed how hackers are abusing Craigslist’s built-in messaging function to target victims. Read on to find out how they’re doing this and ways to protect your devices.
Here’s the backstory
Craigslist started in 1995 as a way for people to sell, buy or advertise products or services. When you find something that you like, you can send the seller a message. The system is designed so that anybody can be contacted and uses Craigslist’s mail relay function.
In theory, this provides the sender and receiver with online security, as real names and email addresses aren’t revealed. And it is this system that cybercriminals have figured out how to about. They are sending spoofed messages that could lead to infecting your device with malware.
According to security company INKY, users have been receiving messages from the actual Craigslist domain, notifying them that their recently-posted ads will be removed. But the messages are fake, as Craigslist (the platform) didn’t send them.
The messages instruct users to click an official-looking button included in the email to correct their ad. But if they do, they are taken to a malicious document uploaded to Microsoft OneDrive.
The document is allegedly a form that the user needs to fill out and send back to Craigslist to correct the issue with their post. In reality, the document isn’t an official form at all. It’s a compressed spreadsheet with macros enabled. Once downloaded, it infects your device with malware.
“Users who clicked on ‘Enable Editing’ and ‘Enable Content’ bypassed Microsoft Office security controls and allowed the macros to be executed,” INKY explained.
The company confirmed that the malicious document ended up creating and modifying documents. The malware also attempted to make external connections to download more components or steal data.
What you can do about it
It is tricky when an email is seemingly sent from an official address or legit company. Luckily scammers do make mistakes. Here are some things that you can look out for:
- Be careful when you receive an unsolicited email. Check the email for grammatical errors or spelling mistakes.
- Ensure the sender’s domain is real. Sometimes scammers will use a fake domain name that is strikingly similar to the real one.
- Don’t click links or open attachments found inside unsolicited messages. If you need to conduct business with a company, contact them directly through official email addresses or its website.
- Have strong antivirus software on all your devices to protect against malware. Tap or click here for three reasons you shouldn’t go another day without antivirus software on your computer.