Have you opened files ending with ".at" or ".be"? If yes, welcome to the 'phishing' victims club. A million Facebook users have been hit by a new phishing scam that can result in crashing your computers or mobile phones and steal your passwords?
The phishing scam is being run through the spam messages which steal sensitive information of the Facebook users. In the attack, the messages are circulated with a subject line of "Hello" and a prompt to check out "areps.at" or other URLs ending in ".at".
The mails with the subject line "Look at This" and links like -- goldbase.be, greenbuddy.be, silvertag.be, picoband.be -- leads to some malicious Web sites, which if visited, could secretly download malware onto computers through a "drive-by download" application.
The URL connectivity, before being blocked directs the visitor to a fake Facebook page and the mail ID and password are stolen as soon as it is logged-in again.
According to the All Facebook blog.Facebook, the password in such cases should be changed immediately and the same message should be sent across to one's Facebook acquaintance.
"Whoever is behind the scam has been steadily amassing a large number of e-mail addresses and passwords over the past few weeks," the blog says.
Though, Facebook spokesman Barry Schnitt said: "The impact of this attack or the previous ones are not widespread and only impacted a tiny fraction of a per cent of users.
"We've been updating our monitoring systems with information gleaned from the previous attacks so that each new attack is detected more quickly," he added.
The site has blocked links to the new phishing sites from being shared on Facebook and has added them to the block lists of the major browsers.
The social networking site is working with partners to have the sites taken down completely, he said adding Facebook is also cleaning up phony messages and wall posts and resetting the passwords of affected users.
"We believe the bad guys here are phishing an account and then trying those credentials on webmail providers," Schnitt said.
So, for example, if a user is compromised on Facebook and has the same login and ID password for their Gmail, the attacker may be able to intercept the Facebook password reset and compromise the account again in the future, he added.