Areps.at: This Week’s Facebook Phishing Scam
by Leena Rao on May 21, 2009

Looks like Facebook has another phishing scam to deal with. Today’s is a message appearing in users’ inboxes with the prompt to “Check areps.at.” As with last week’s 151.im phishing scheme, the domain is not automatically hyperlinked in Facebook, but email clients such as Gmail or Yahoo will auto-link it. Don’t click on that link and don’t copy and paste it into your browser.

Apparently the link leads to a look-alike Facebook log-in page. If you log in there, the site steals your email address and password and sends the same message to all of your friends. Twitter shows that this has been going on all morning, and I just received a Facebook message from a friend who was sucked into the scam half an hour ago.
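The two traits described above, a bare lookalike domain that mail clients auto-link and a message that victims’ accounts forward to all their friends, are both detectable from the message stream alone. The following is an added example (not code from TechCrunch or Facebook) showing a minimal scanner for such messages: it extracts bare domains, flags any outside an assumed allowlist, recognises the “Check <domain>” lure shape, and groups identical lures by sender so that a single lure arriving from many distinct accounts stands out as a self-propagating campaign. The allowlist, the lure pattern and the sample messages are all constructed for the example.

```python
import re
from collections import defaultdict

# Hostnames treated as legitimate. Assumption for this example, not a real Facebook list.
ALLOWED_SUFFIXES = ("facebook.com",)

# Bare domain names, no scheme required: the lure described in the post was the plain
# text "Check areps.at", which mail clients auto-link even though Facebook does not.
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)

# The lure shape seen in this campaign: the word "check" followed by a bare domain.
LURE_RE = re.compile(r"\bcheck\s+((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)


def is_allowed(domain: str) -> bool:
    """True when the domain is one of the allowlisted hosts or a subdomain of one."""
    d = domain.lower()
    return any(d == s or d.endswith("." + s) for s in ALLOWED_SUFFIXES)


def suspicious_domains(text: str) -> list[str]:
    """Non-allowlisted domains mentioned in a message body, deduplicated in order."""
    seen, out = set(), []
    for d in DOMAIN_RE.findall(text):
        d = d.lower()
        if d not in seen and not is_allowed(d):
            seen.add(d)
            out.append(d)
    return out


def score_message(text: str) -> tuple[str, list[str]]:
    """Return (verdict, domains).

    'lure'   - the "Check <domain>" pattern points at a non-allowlisted domain
    'review' - other off-allowlist domains are mentioned (could be benign)
    'clean'  - no off-allowlist domains at all
    """
    doms = suspicious_domains(text)
    if not doms:
        return "clean", []
    if any(not is_allowed(m) for m in LURE_RE.findall(text)):
        return "lure", doms
    return "review", doms


def find_campaigns(messages, min_senders: int = 3) -> dict[str, list[str]]:
    """Group lure messages by normalised text and report those sent by at least
    min_senders distinct accounts: the forwarding behaviour the post describes,
    where each compromised account sends the same text to all of its friends."""
    senders = defaultdict(set)
    for sender, text in messages:
        verdict, _ = score_message(text)
        if verdict == "lure":
            senders[" ".join(text.lower().split())].add(sender)
    return {t: sorted(s) for t, s in senders.items() if len(s) >= min_senders}


# Constructed sample inbox: (sender, message body). Not real traffic.
SAMPLE = [
    ("alice", "Check areps.at"),
    ("bob", "check areps.at"),
    ("carol", "Check  areps.at"),
    ("dave", "Check bests.at"),
    ("erin", "Party pics are up at www.facebook.com/photos"),
    ("frank", "Lunch at 12.30? Check the menu first"),
]

if __name__ == "__main__":
    for sender, text in SAMPLE:
        print(sender, score_message(text))
    print(find_campaigns(SAMPLE))
```

The campaign grouping is the more useful of the two signals: a single off-allowlist domain in one message is easy to explain away, but the same lure text arriving from three or more unrelated accounts within a short window is exactly the worm-like spread the post reports, and is a reasonable trigger for blocking the domain and forcing password resets on the sending accounts.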


Comments

  • There is also another email phishing scam going around Facebook (same thing, likely):

    “Check bests.at”

    Ugh.

  • Is this really news? Idiots will still click links, techcrunch story or not. You going to write posts every time you get a 419 scam or bank phishing e-mail.

  • Don’t use any logon page that you didn’t get to by: typing the URL manually, or using one of your own favorites, or clicking a non-sponsored link in a trusted search engine.

  • Preaching to the choir, here. Provides an interesting experiment, though: Who are my dumb friends?

  • It is important, because after the introduction of virtual currency or whatever money account tied to the FB log-in this will start happening HUNDREDS (if not thousands) times A DAY.

  • I already got 3 phishing messages from 3 different friends. I really have to ask these guys why they insert their credentials in such a page …

  • The irony is that by blogging about this you are more likely to people on the site and thus phished.

    As a side note aa419.org has daily links to new phishing pages, escrow , 419 , and bank fraud scams for detection and removal

  • This is a really amateurish phishing attempt, so much so that the fool who set it up forgot to anonymize his WHOIS information.

    It turns out this scam is being run by one Alexander Kalinin of Moscow ( ulitsa Dolskaya d.10 kv.33, 115569 ). Not the chess master mind you, but the graphics programmer who’s been trying to get hourly contract work through the offshoring market oDesk: http://tinyurl.com/pxz4kl

  • Alan, I’m sure the people who run the scam just stole the guy’s identity to register the domain, that’s why they didn’t bother. :)

    They did it especially for the people who think (like you do) that there are idiots in the scam world. :)

    Believe me, the initiators of scams are more sophisticated than most of the readers of this blog. I’ve been fighting them for almost 10 years, that’s why I can tell.

    Soon you will be getting pages identical to your fav. FB with a proper address in the address bar (they are doing it for high-profile targets like PP or banks).

    Web-based authentication with log-in and password MUST GO… ASAP.

    • This average blog reader easily caught the phishing attempt. The url was obviously not related to facebook.com and the grammar on the page was even worse than mine.

    • I am so stupid, now I know it after reading these articles :( (( Can I do anything now? When I want to log in to my FB account and I use my email and password as always, it´s telling me that it´s incorrect :( ( Can I fix it somehow or I lost my account forever? Thank you for your advice. Tereza

  • For the record – the .at extension is Austria. Generally clicking on anything with a .at extension tends to be a waste of time. ;)

  • interesting article

  • Why am I still reading Techcrunch when you are warning of crap phishing scams. You could run a whole blog on reporting this junk. STOP IT!!!! OR WE WILL STOP READING.

  • Question: I am an idiot. I clicked on the link from the facebook e-mail, but once I saw the website, I did not log in. Will simply clicking on the link in the facebook e-mail cause any harm or install any programs? Or is the damage only done if you log-in to the pop-up site after clicking on the link from the e-mail?

    • Yes. It will auto-install all kinds of nasty stuff. I visited the page (usually get links from the guy who sent the message, so didn’t think twice about checking it out), and immediately clicked away. I spent the weekend fixing my machine.

      I suggest Ad-Aware, Spybot S&D, and AVG.

  • I’m an even greater fool.. I logged in on that pop-up site. What shall I do now? Is there anything I have to/can do? Or is all the damage already done?
    Thanks for your replies!

  • What do I do if I have logged into goldbase be
    by mistake … ?
