While Craigslist is a pop destination for ownership and selling used goods in your area, it'southward also decumbent to a lot of scams. Since Craigslist is an open up platform that doesn't have whatever kind of verification, people regularly utilize it to rip others off.

1 Craigslist scam involves an assaulter trying to intermission into your Gmail (or other email) account. Here's how this scam works, how to spot information technology, and ways you tin can stay safe.

How Craigslist Handles E-mail Addresses

By default, Craigslist uses email obfuscation to protect you and the people you contact on the service. When yous click on the response button in a listing, Craigslist provides you with an address like the following:

rcc9la26d7534400a6a03514c34f9200@sale.craigslist.org

When you send a message to this address, it goes to the bodily email inbox of the person who posted the listing. They see a similar address when they respond to your message. This ways yous can communicate without either person having their actual address exposed.

Craigslist Email Obfuscation

All the same, this doesn't protect anything in the body of your email address, such as the contents of your signature. Many people have their electronic mail address, social media links, phone number, or other personal information in their email signatures. Every bit a event, y'all could end up giving the other person more data than you intended when you respond to a Craigslist listing.

For an honest person, this isn't a problem. Simply for someone who wants to have advantage of you, this could let them attack one of your accounts.

How Craigslist Scammers Effort to Break Into Your E-mail

With your e-mail accost, phone number, and possibly your name (provided past your electronic mail customer), the scammer has plenty info to effort to reset your countersign. If they know your email address from your signature, they can use it on the account recovery page for your email provider.

Email Signature Too Much Info

While our example focuses on your e-mail account, scammers could act out a similar set on on one of your social accounts, or whatever else is in your signature.

Since they don't have your password, they'll try to reset it. Depending on the security options yous've set and the recovery options on your account, the scammer will choose the choice to send a recovery code to the phone number you provided in your signature, or perhaps a secondary email address.

Depending on where the scammers are located, this bulletin may contain text in a strange language, too. This is a telltale sign of a scam.

At present, this is where the crux of the scam comes in. Later you've expressed interest in whatever particular the person is selling, they will get back to yous, claiming that they desire to make sure they're dealing with a existent person because at that place are a lot of scammers on Craigslist.

To testify you lot're real, they ask you to tell them the code that "they" sent you. If you exercise this, you lot've fallen for the scam. Using this code, the scammers tin can then reset your e-mail countersign to whatever they want, locking you out of information technology.

If Yous Autumn for the Craigslist Scam

In case you fall for this trick, you'll take to contact Google back up (or the support for any electronic mail provider you use) and attempt to get your business relationship back. Just the scammer can do a lot of impairment while they're in your electronic mail account, such as resetting the password for other accounts, contacting your friends with false requests for money, and similar.

Y'all should thus let people know if this happens to you, and contact account back up immediately. Run into our guide on recovering a hacked Gmail account for advice.

How to Protect Against Craigslist E-mail Scams

Later reading through the above scenario, you should be aware of a few ways to proceed yourself safe from schemes like this.

First, you should always examine a Craigslist listing before responding to it. Expect for signs that it might not be legitimate, such as poor grammar or vague statements. Information technology's also a good idea to do a reverse paradigm search to see if the images were taken from somewhere else on the internet—a strong sign it's phony. Legitimate sellers volition non use someone else's pictures in their list.

No Other Images Found Google

Still, in our instance, the listed image didn't announced in a reverse paradigm search. It's possible that the scammers either broke into a legitimate Craigslist account and took over the listing, or just copied the contents from some other post.

Second, you should remove personal information from your e-mail signature. To stay even safer, consider setting up a separate e-mail address that you only use for Craigslist communications. That way, if someone tries to break into it, they won't have access to the email account you use for everything else.

Also, continue in listen that you lot should never, always provide automated recovery codes to someone who asks for them. Anyone who wants you to provide a lawmaking like this is trying to steal access to your business relationship.

If y'all become a recovery code that you did not specifically ask for, someone is most probable trying to break into your account (even if they aren't actively communicating with you, like in this situation). You should change your password for that account and keep an center out for farther alerts.

Google Account PIN Changed

It's a good idea to brand sure you have recovery options updated for your most important accounts. If y'all practice end up losing access, having boosted trusted e-mail addresses or phone numbers volition requite you lot more than options to get information technology dorsum.

Finally, you lot should also enable two-factor authentication (2FA) on all your accounts. This makes information technology harder for an unauthorized user to reset your password. Prefer a method like an authenticator app when you set upwards 2FA, equally those are less susceptible to hijacking or social engineering than SMS or email recovery codes.

Avoid Craigslist Scams and Protect Your Email Accounts

We've looked at one type of Craigslist email scam that yous must picket out for. Giving attackers besides much info about yourself, combined with handing over an important recovery lawmaking, will lead to thieves taking over your email account. Always exercise caution when dealing with Craigslist listings, and don't paw over sensitive account info similar recovery codes to people who enquire for information technology.

Unfortunately, these aren't the only online scams you demand to picket for, though.

Image Credit: Jarretera/Shutterstock

Don't Go Fooled by Employment Scams: How They Work

Read Next

Near The Author

Ben Stegner (1807 Manufactures Published)

Ben is the Editor in Main at MakeUseOf. He left his IT job to write full-time in 2016 and has never looked back. He'southward been roofing tech tutorials, video game recommendations, and more equally a professional person writer for over eight years.

More From Ben Stegner