Warning: areps.at in your Facebook Inbox = Phishing [UPDATE]

by Scott McAndrew on May 21, 2009

Facebook Phishing Alert

If you receive a message in your Facebook Inbox encouraging you to check out a site called areps.at, don’t do it. It’s the latest Facebook phishing scam.

I received one of the messages this morning, and was instantly suspicious as it came from a contact that I haven’t spoken to in quite some time, and it was a very brief/terse message.

Facebook areps.at Phishing Scam Email

If you’re a computer novice, you might click through. What happens next is you’re presented with what looks like a login to Facebook. While it’s easy to shrug this off and say “you’d have to be stupid to fall for this,” barring the missing Facebook logo (which might be my experience and not everyone’s), I could see people clicking through or even cutting and pasting this into their browser’s address bar and subsequently giving away their Facebook login and password.

Facebook Phishing Scam

The best way to stop the scam? First, if you get an email on Facebook like the one I got, inform the person who sent it to you that their account has been compromised. The emails are being sent from actual Facebook accounts, so someone out there has their login. Second, pass the word about the phishing scam so others don’t fall for it.

Facebook users are now reporting the same scam directing users to the following Facebook phishing pages:

  • areps.at
  • kirgo.at
  • bests.at
  • brunga.at
  • nutpic.at

If you feel that your account may have been compromised, visit Facebook’s Security page (it is viewable even if you cannot access your Facebook account).

Beyond Facebook’s advice, I’d have to also suggest that compromised account holders monitor their banking, credit card and cellphone accounts.  Scam artists often attempt identity theft with as little information as a full name and date-of-birth.
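A message or mail filter can flag text that points at the domains listed above. The following is an added example, not code from the original post; the function names and the sample messages are constructed for illustration. It compares hostnames on label boundaries, so subdomains and the `user@host` URL trick are caught while look-alike hosts are not.

```python
from urllib.parse import urlsplit

# Domains named in the post as hosting the fake Facebook login pages.
PHISHING_DOMAINS = {"areps.at", "kirgo.at", "bests.at", "brunga.at", "nutpic.at"}

def hostname_of(token):
    """Return the lowercased hostname in a URL or bare-domain token, else None."""
    token = token.strip("<>()[]{}\"'.,;:!?")   # drop surrounding punctuation
    if "." not in token:
        return None
    if "://" not in token:                      # the lure may be a bare domain
        token = "http://" + token
    try:
        host = urlsplit(token).hostname         # strips userinfo and port
    except ValueError:                          # malformed bracketed host
        return None
    return host.rstrip(".") if host else None

def blocked_domain(host):
    """Return the listed domain that host equals or is a subdomain of, else None."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])        # compare whole labels only
        if candidate in PHISHING_DOMAINS:
            return candidate
    return None

def scan_message(text):
    """Return (hostname, listed domain) pairs for every hit in the message text."""
    hits = []
    for token in text.split():
        host = hostname_of(token)
        domain = blocked_domain(host) if host else None
        if domain:
            hits.append((host, domain))
    return hits

if __name__ == "__main__":
    # Constructed sample messages, not taken from real inboxes.
    samples = [
        "Look at areps.at",
        "Check http://www.KIRGO.at/login.php now!",
        "http://facebook.com@bests.at/",
        "see areps.at.example.com and notareps.at",
    ]
    for msg in samples:
        print(msg, "->", scan_message(msg))
```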


{ 4 comments }

1 Courtney Crane May 21, 2009 at 9:13 am

Ug. Thanks for the heads up Scott!

2 Kim May 21, 2009 at 10:29 am

Hi, thanks a lot for this. I got two of those today and stupidly clicked on the first one. I didn't give out my Facebook password but there was an image with a code you had to type in and I did this twice, then just closed the window. What happens now? Am a bit worried.

3 scottmcandrew May 21, 2009 at 11:10 am

Kim, as long as you didn't provide your Facebook login you should be fine. If you did provide any personal information (such as a username and password), I'd advise that you immediately change your Facebook password, and, unfortunately, start monitoring your banking, credit card and cellphone accounts. With only a full name and date of birth scam artists can attempt to compromise your identity.

That said, it sounds like from what you've described that all should be fine.

4 feel for it May 21, 2009 at 1:32 pm

I clicked through to kirgo.at and got a host of trojans and one virus... so don't be so sure nothing happened. Run Symantec, most of them are low priority and easy to get rid of.
