New Craigslist Scam?
 

So, against my better judgment, I included an e-mail address with a rental listing for a friend renting her condo. Last time I did this all I got were long stories from Nigeria about their uncle in the Air Force and blah blah blah send me your bank account number...

Anyway, last night a got a curious e-mail, but I couldn't say for sure it was a scammer. So I just replied "call me".

About 45 min later I got an e-mail from hotmail saying I had requested a password change and to confirm or cancel.

Can anyone explain how this scam works? Even if I confirm (which of course I won't) I would think that it would just take me to a page where I would set a new password. The e-mail looks legitimate.

I'm pretty sure most of the e-mail sites state that they will never ask you for a password, or any form of getting it, through an email. If you think it's legit, don't process your password through an email. From a different computer, sign into your email, and manually change your password.

If it has a button to confirm/cancel or a link - R click on it and hit properties and see where it's going to direct you. Most of the time it will be to a mirror site where they can record your password information. Many people save emails from sites that they set up online accounts with like merchants, banks and such. This gives the crook immediate access to some potential goodies.

Thanks for that bit of education. In this case, a strange thing happened: The guy actually called and seems to be legit. It still seems a strange coincidence that the password request came through at that same time though. However, it could be a different scammer/phisher.

The properties are this:

https://accountservices.msn.com/EmailPage.srf?emailid=.......

Does that look legit?

The msn site is legit - and probably a coincidence the other email came at same time

So I guess the question is: Who is making a password change request, how and why?

Did you check you account and see if any changes were made?

How come you didn't use the Craigslist e-mail anonymizer option?

Don't change anything you didn't INITIATE the request for...

AAMOF, if you believe you've been compromised, close out the browser session, get off line, then go back on, open your browser, then go to whatever site your account is on and then through the normal channels, re-secure your user-name and password, using the procedures established by your vendor, bank, whatever...

But, NEVER respond to "something/one/whatever" requesting you to change anything...and get off-line as soon as it comes to you...

I just recently received a "bank" request to access a site "due to security upgrades and..." related crap...

I tried forwarding the information to my bank's "IT folks" but THEIR firewall wouldn't take my forwarded e-mail...they needed me to print out the e-mail with all the header information and bring it down to my local branch.

That's how bad this crap is getting.

My rule for computers, phone calls and real life is this:

"If I had wanted it, I would have called or sought you out."

That little bit of home-spun philosophy gets me through the 250+ pieces of "junk" e-mails I get every morning...really fast... :D