Feed Sign in with OpenID OpenID

Simon Willison’s Weblog

Craigslist is fighting back. Its latest gimmick is phone verification. Posting in some categories now requires a callback phone call, with a password sent to the user either by voice or as an SMS message. [...] Spammers tried using their own free ringtone sites to get many users to accept the Craigslist verification call, then type in the password from the voice message. Craigslist hasn’t countered that trick yet.

John Nagle

Posted 26th May 2008 at 8:40 am

Tagged , , , ,

2 comments

  1. This is basically the free porn trick but with ringtones instead of pornography - pretty clever. Seems like it would be relatively easy for Craigslist to fix though as they have full control over the message that goes out - they just need that message to emphasise that it's a craigslist account creation and include text along the lines of "if you have been asked to enter this code on a site other than craigslist.org you may become the victim of online identity theft".

    Simon Willison - 26th May 2008 08:57 - #

  2. And I guess the spammer would counter by advertising ringtones from craigslist.org :)

    Charles Darke - 26th May 2008 12:29 - #

Sign in with OpenID

Auto-HTML: Line breaks are preserved; URLs will be converted in to links.

Manual XHTML: Enter your own, valid XHTML. Allowed tags are a, p, blockquote, ul, ol, li, dl, dt, dd, em, strong, dfn, code, q, samp, kbd, var, cite, abbr, acronym, sub, sup, br, pre

A django site