Two stories out this week about Craigslist and eBay classifieds sites show how criminals attempt fraud in varied ways online just as they do in real life, and show it pays to stay vigilant.
The first story comes from Australia, where security publication CSO Online reports that criminals used eBay-owned Gumtree.com.au to spread malware.
“Criminals posing as a legitimate Australian legal firm recently duped an online ad network into distributing banner ads through Gumtree.com.au that, if clicked, could likely have led to ransomware,” it explained.
The publication cited a report from security firm Malwarebytes and explained that Gumtree itself was not breached, “however a third-party advertising firm that distributes ads on the site was duped into serving malicious display ads to it. Gumtree.com.au has over 45 million visits per month.”
The second report comes from the Department of Justice US Attorney’s Office about the sentencing of a 32-year old man from Texas who was convicted of mail fraud and aggravated identity theft.
He allegedly placed dozens of false job postings on Craigslist for “customer service representative” positons with various airlines in order to collect names, addresses, dates of birth, and Social Security numbers from prospective employees on “job applications” in order to commit identity theft.
He received a seven-year sentence in federal prison and was ordered to pay restitution to his victims, according to the DOJ, which said the case was investigated by the U.S. Postal Inspection Service.