How I Thwarted Hackers from Getting into my Craigslist Account
So what happened? Well, recently I’ve been reselling items mostly on eBay, but also Craigslist. On Craigslist people contact me via text, phone call, or email.
This morning I received the following text message:
You have a new Craigslist message, to view it please use:
The link was a little different, but it did have the word “craigslist” in the URL. “craigslist” was in the part you’d normally see the “www” - an obvious red flag.
I’m a curious fellow, and I did one thing I shouldn’t have: I clicked the link. I highly suggest if you ever get a phishing text or email with a link - don’t click it! This allows the phisher to track that they sent the text or email to a valid phone number or email.
Anyway, as I expected, it brought me to what appeared to be the Craigslist login page:
I was still curious, but not so stupid as to put my actual login information. I wanted to see what happened when I put in a username and password, so I tried a fake username and password:
Nothing happened when I clicked “Log in.” I’m sure the data got sent somewhere, but nothing happened with the UI. The real Craiglist page would’ve said:
Your email address, handle or password is incorrect. Please try again.
That’s that. Nothing too exciting, except that I shouldn’t have clicked on the link. I just wanted to let people know what it looked like!