Spam harvesting via CraigsList

Published on Monday, April 15, 2013 and tagged with spam.

The tricks of spammers are many and subtle. And I’m not always sure what their game is.

I was selling something on CraigsList recently. One of the inquiries I received asked me to e-mail the person’s personal e-mail, included in the mail message, directly (rather than hitting Reply); this was ostensibly to keep scammers and bots out. A bit odd, maybe, but somewhat plausible (at least in a misestimating-computer-capabilities kind of way), and CraigsList interactions are full of communications behavior that seems odd to me. I sold the item to someone else, but to close all my open loops on it, I e-mailed the address they specified to tell them that the item had been sold.

Big mistake. Since then, I’ve gotten at least a dozen e-mails, all with the same subject as that mail I sent and similar text about being interested in or attracted to me and my ad, asking me to sign up on a particular site (no fee, of course!) to send a private message. Occasionally, a picture is attached.

I’m not entirely sure what the game is with this. Phishing? Malware installation? Getting credit card info? I haven’t visited any of the linked sites, so I don’t know. But it’s yet another “spammers are doing what? and why?” moment.