Houston, May 25: Have you been hit, like millions of Facebook users, by a new phishing scam that can crash your computer or mobile phone and steal your passwords? If not, beware: do not open the files ending with ".at" or ".be".
The phishing scam is being run through spam messages that steal the sensitive information of Facebook users.
In the attack, the messages are circulated with a subject line of "Hello" and a prompt to check out "areps.at" or other URLs ending in ".at".
Mails with the subject line "Look at This" and links like goldbase.be, greenbuddy.be, silvertag.be and picoband.be lead to malicious Web sites which, if visited, could secretly download malware onto computers through a "drive-by download" application.
Before being blocked, the URL directs the visitor to a fake Facebook page, and the mail ID and password are stolen as soon as the visitor logs in again.
According to the All Facebook blog, the password in such cases should be changed immediately and the same message should be sent across to one's Facebook acquaintances.
"Whoever is behind the scam has been steadily amassing a large number of e-mail addresses and passwords over the past few weeks," the blog says. However, Facebook spokesman Barry Schnitt said: "The impact of this attack or the previous ones are not widespread and only impacted a tiny fraction of a per cent of users.
"We've been updating our monitoring systems with information gleaned from the previous attacks so that each new attack is detected more quickly," he said.
The site has blocked links to the new phishing sites from being shared on Facebook and has added them to the block lists of the major browsers.
The social networking site is working with partners to have the sites taken down completely, he said, adding that Facebook is also cleaning up phony messages and wall posts and resetting the passwords of affected users.
"We believe the bad guys here are phishing an account and then trying those credentials on webmail providers," Schnitt said.
So, for example, if a user is compromised on Facebook and has the same login ID and password for their Gmail, the attacker may be able to intercept the Facebook password reset and compromise the account again in the future, he added.
Bureau Report