Beware of “phishing” emails appearing to come from Craigslist

by Dan Lenehan

When we were planning to sell some office furniture before our move to the new vFlyer office this week, the first thing we did (of course) was create a flyer, fill it with photos of cubicles and swivel chairs, and post it to Craigslist. Craigslist, as many of you know, is the most popular classifieds website in the country, so it’s an obvious place to post this kind of flyer.

A few days after we posted it, we received an email from “craigslist.org” notifying us that our post had been flagged and removed. We had gotten a few spam emails previously from people who either claimed they wanted to buy our items but needed some personal information from us first, or that had nothing to do with the post at all. When I opened this email, however, I immediately thought that it was an authentic message from Craigslist. It referenced the post, after all, and had all the trappings of an official Craigslist email.

Example of phishing email

Upon closer inspection, though, I noticed that there was an option to remove the flag from the listing, which Craigslist doesn’t support (why would Craigslist allow people whose posts have been flagged to immediately re-post them?). Also, mousing over the links in this email showed URLs made to look like Craigslist links but that would actually go to a completely different website (“accounts.craigslist.org.user.authentication.login.atlanticaquasport.com” is NOT the same as “craigslist.org”). So, I immediately sent this email to my spam folder where it belongs. Done and done.

I’m relating this rather unremarkable story because so many vFlyer users post their flyers to Craigslist and probably receive these types of “phishing” emails. Here are some tips to remember when you receive an email related to a Craigslist post:

  1. Be skeptical. Craigslist doesn’t send people a lot of emails. If it’s not an email you were expecting (for instance, the self-publishing or post confirmation email), there’s a good chance it didn’t actually come from Craigslist.
  2. Don’t believe offers of protection from flagging or restoring a flagged post. They are fake.
  3. Look at the sender’s email address. The name may say “Craigslist”, but the email address could be a Gmail or AOL address, or an address of some other domain. Even if the email address ends in “craigslist.org”, don’t immediately assume that it’s from Craigslist.
  4. If there are links in the email, mouse over them without clicking so that you can see the URL (that is, the web address of the link). If the URL doesn’t look right, don’t click the link.
  5. NEVER give personal information such as your name, address, phone number, or social security number in an email to someone you don’t know.
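Tip 4 can also be checked mechanically. The following is an added example, not part of the original post: it lists each link in an HTML email body and tests whether the host it really points to belongs to craigslist.org. The function and class names are hypothetical and the sample email is constructed, apart from the lookalike hostname quoted above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "craigslist.org"  # the domain the email claims to come from

# Constructed sample email body (not the actual message from the post).
# The second link uses the lookalike hostname quoted in the article.
SAMPLE_HTML = """
<a href="https://accounts.craigslist.org/login">Manage your posts</a>
<a href="http://accounts.craigslist.org.user.authentication.login.atlanticaquasport.com/">https://accounts.craigslist.org/login</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_belongs_to(host, domain):
    # Hostnames are read right to left: the host must BE the domain or end
    # with "." + domain. A "contains" or "starts with" test would wrongly
    # accept the lookalike, which merely has craigslist.org in the middle.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def audit_links(html, domain=TRUSTED_DOMAIN):
    """Return (real host, text shown to the reader, trusted?) per link."""
    parser = LinkCollector()
    parser.feed(html)
    hosts = [(urlsplit(href).hostname, text) for href, text in parser.links]
    return [(host, text, host_belongs_to(host, domain)) for host, text in hosts]

if __name__ == "__main__":
    for host, text, ok in audit_links(SAMPLE_HTML):
        print("OK     " if ok else "SUSPECT", host, "| shown as:", text)
```

The second link is reported as suspect even though its visible text is a genuine-looking Craigslist address, which is why the check reads the link target rather than the text displayed.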

For more information on avoiding email scams, take a look at this page from the National Consumers League’s Internet Fraud Watch.
