Craigslist fails to flag most scam rental ads, study finds

More than half of suspicious real estate ads are never flagged for removal by Craigslist

Craigslist, the popular online listings service, has waged a long fight against scammers, but a new academic study suggests it's been losing the battle.

The study focussed on listings for housing rentals, and found that Craigslist failed to remove a majority of those that were fraudulent.

The researchers analyzed two million ads over a five-month period in 2014 and determined that Craigslist had flagged and removed fewer than half the listings that likely weren't genuine.

Looking for housing can be stressful, and people are vulnerable to schemes that advertise below-market pricing or ways to get ahead of the rental game.

Victims sometimes proceed even if a deal looks too good to be true, convinced by confident reassurances from the scammers, said Damon McCoy, an assistant professor in the Computer Science and Engineering Department at New York University and one of the study's authors.

"By the tens of thousands of ads that we found, [the scammers] are clearly successful at making money," he said in an interview Tuesday.

The study is due to be presented at the Financial Cryptography and Data Security conference in Barbados next week.

Craigslist didn't respond to emails seeking comment. The site has long published guidance to help its users avoid scams. It warns people to be suspicious of ads that involve wiring funds over Western Union, and says face-to-face transactions will help avoid most problems, among other tips.

To sort legitimate ads from fakes ones, the researchers looked at data including IP addresses, common bank account numbers and email addresses. They also looked for similarities in the content and templates used for ads.

They wrote a bot that engaged advertisers via email, and even filled out templates used for rental applications to help identify scams. That method worked -- for a while.

"At some point, the scammers got wise to us and they began changing the template," McCoy said. 

One of the most common scams involves credit reports. A con artist places a fake rental ad and, if a victim responds, directs them to pay for a credit report. If the victim pays, the scammers collect a commission.

In another scam, rental listings from other real estate websites were cloned and advertised on Craiglist. But the rental cost was lowered to a below-market price, McCoy said. The scammers asked for a wire or bank transfer to cover a deposit and the first month's rent. The researchers determined that most of those scammers were in Nigeria, with some in the U.S.

Another scam involved selling lists of rent-to-own or pre-foreclosure properties. The lists often included properties that aren't available or had suspiciously low prices. The researchers urged regulators to look into companies that provide these lists, and they named a few in the study.

They found more than 8,000 ads for these lists on Craigslist, and said the service flagged only 57 percent of them.

Overall, Craiglist failed to flag 47 percent of the rental ads that were probably scams, and for those that it did identify, it took a long time to flag them.

Of the listings cloned from other real estate websites, 60 percent stayed up for 10 hours, and 40 percent remained online for more than 20 hours -- plenty of time to catch some victims.

McCoy, who also co-authored a paper on another type of Craigslist scam, said the researchers reached out to Craigslist but received no response.

"It'd be great to work with them and try to improve the situation," he said.

The study's other authors were Youngsam Park of the University of Maryland and Elaine Shi of Cornell University.

Join the CSO newsletter!

Error: Please check your email address.

More about Western UnionYork University

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place