Decrypt Craigslist Email

Posted on by



Craigslist provides a 'cover' email address that gets forwarded to the recipient's actual email address. Only Craigslist knows the real email addresses of both parties. This way, if one of the people involved turns out to be untrustworthy, they don't have the other person's email address. Is there a way to decode craigslist anonymous email addresses? I was searching the web for this, but it's difficult to find. I've heard people talk about sending a ping out and watching the reroute which should show you the recipients address.

If you post ads on Craigslist for short term employment, be aware that there's a new malspam campaign that aims to distribute Sigma ransomware on the computers of unwary users.

By all outward appearances, the emails seem to come from Craigslist in response to ads posted in Craigslist's 'Gigs' section for short term employment. The emails will generally express interest in whatever job the user has posted and include a protected Word or RTF document which recipients will assume are resumes.

If the recipient enters the password to unlock the document, they'll then be presented with a screen that asks them to enable the content in the document. Unfortunately, this is the step that dooms the user. The file isn't a resume at all, but merely a delivery vehicle.

As soon as the content is enabled, the ransomware will be installed, the user's files will be encrypted, and then will 'helpfully' post a message explaining that the files have been encrypted, and explaining that to get access to them again, they'll have to pay a $400 fee, which rises to $800 if the user waits longer than seven days to request the decryption key.

Unfortunately, there's no known way to decrypt Sigma-encrypted files other than paying the ransom.

This is a new twist on a very old game. Even worse, it's enjoying a relatively high success rate because people who post ads for short term employment on Craigslist expect to get responses from people they don't know. They expect that those people will be sending resumes for review.

The 'tell' is that when a potential employee sends you a resume, it's almost certainly not going to be password protected. In this case, your best bet would be to reply to the sending and ask them to send you a non-protected resume if they're genuinely interested in the job.

craigslist has implemented 2-way email relay to help stop spam and scams.

Unable To Decrypt Email


When replying to a post you'll see an address like:
rcc9la26d7534400a6a03514c34f9200@sale.craigslist.org

When answering an email you'll see an address like:
rcc9la26d7534400a6a03514c34f9200@reply.craigslist.org

Use your email program as you normally would.

PLEASE NOTE: The “real name” field (e.g. Jane Doe) in your email program is passed through to the recipient. Any contact information in the body of your message will pass through unaltered.

FAQ

Q: I would like to stop a particular user from contacting me.
A: Click the flagging link at the bottom of the message.

Decrypt Emails In Outlook

Q: I accidentally flagged a message, how can I undo it?
A: At this time it cannot be undone.

Decrypt craigslist email

Q: Which flagging link should I use if there are a bunch of nested replies in the message?
A: Use the most recent link.

How To Decrypt Craigslist Emails

Q: Can I continue to communicate with respondents after my ad has been removed?
A: Yes, existing reply email communication threads can continue for up to 4 months.

Decrypt Craigslist Emails

Q: How did the poster find out my real name?
A: The “real name” field your email program provides is passed through to the recipient.

Q: Where can I get more help?
A: https://forums.craigslist.org/?forumID=9