Blog for hpHosts, and whatever else I feel like writing about ....

Friday 29 January 2010

Craigs List: Allow me to beat you over the head (softly of course)

I received an e-mail around 30 mins or so ago, pointing me to craigslistinc.org. The individual that reported it had been called by someone referencing this site, claiming to be an employee of Craigs List.

I did a little digging and yep, it's a phishing scam. I decided to call Craigs List to inform them of the site, and the additional stuffage I found - a decision I was about to regret. Calling the US from the UK isn't cheap, so Craigs List leaving me on hold to wait for an operator, for 25 mins, to then be told AFTER the 25 mins, and AFTER the damn automated voice told me I was "now first in the queue", that there were no CS reps available and to leave a message, has me more than a little annoyed with them.

Dear Craigs List, if you're going to provide a phone number, and going to tell people they're in queue - don't then proceed to tell them there's no-one available, that just annoys the hell out of us. Tell me as soon as the damn automated service answers, and I'll be happy with that, I understand sometimes call centers/offices get extremely "busy" (I've had my share of having to try getting through to BT ;o)). I'd ask why these companies don't just hire more staff if they can't deal with the call volume, but we know the answer to that so lets not bother.

Anywho, the site in question, craigslistinc.org, resides at 74.118.193.100 (AS46664 74.118.192.0/22 VOLUMEDRIVE - VolumeDrive). Looking at it's DNS servers showed quite an interesting little relationship. The sites WhoIs is privacy protected, but the DNS servers WhoIs isn't. The DNS servers domain, dnblocker.com resides at the same IP and is owned by;

Melissa Walker
P.O, Box 122
La Crosse, Kansas 67548
United States
+785 623-8544
Providingservices4u81@gmail.com


If we do a little digging on this one, we see not only are they running a "work from home" scam;


But more interestingly, there's also a tie to Blackhatworld.com (amongst others), which resides on the same /24 (74.118.193.250-74.118.193.253), and which is known for everything from fraud to malware and everything else inbetween.

I'm working on gathering a list of domains owned by "Melissa Walker" (pretty confident the WhoIs details are faked), and will post those as soon as I have gathered them. In the meantime, I'd suggest blocking this entire /24 as I'm not seeing any legit domains residing there.

If you have received an e-mail, or received a phone call, offering anything to do with work from home rubbish, or from someone claiming to be from Craigs List (or any other company), HANG UP!. DO NOT engage them, DO NOT reply to them, and NEVER give them any credit card etc details (doing so opens you up to the risk of identity theft), and if they're claiming to be calling on behalf of Microsoft, Malwarebytes or any other IT/security company, DO NOT give them remote access to your computer (neither Microsoft, Malwarebytes nor any other legit company I'm aware of, will cold-call you).

If someone is calling or e-mailing, claiming to be from a company you are used to dealing with, ask for their name, then hang up and call the company using the number you usually use to deal with them (and this especially goes for those times when they're claiming to be from your bank etc).

Remember: Legit companies should NEVER call you unless YOU have asked them to (i.e. they're returning your call), and even then - always treat them with the utmost suspicion.

Side note: The same content that's at craigslistinc.org was also previously at premiumverification.com (Cached on Jan 15th 2010, but this site whilst still registered, currently does not resolve)

4 comments:

Jeremy Zawodny said...

Thanks for the heads-up and sorry for the bad calling experience. I'll try to figure out how/why that happened.

In the meantime, can you email me: jzawodn@craigslist.org so we can share any details?

Thanks!

Jeremy

Anonymous said...

Relating to craigslistinc.org

Here's what I was able to dig, though I didn't spend too much time:
74.118.193.100
craigslistinc.org
dnblocker.com
ns1.dnblocker.com
74.118.193.101
ns2.dnblocker.com


Also I found this one:
craigslistadverification.com

it does not resolve [yet] was created on: 22 January, 2010 and currently sites on these NS:
blockedduetospam.pleasecontactsupport.com
dummysecondary.pleasecontactsupport.com

;-)

Rune said...

The Pink Misfit?
http://www.dnforum.com/member-pink-misfit.html

MysteryFCM said...

Certainly looks like it ....