Facebook users hit with second phishing attack

22 May 2009

More Facebook usernames and passwords were stolen yesterday, as a second round of phishing attacks saw hackers manage to send emails to users as though from friends in their network.

According to MSNBC, thousands of users received mail with the subject line ‘Hello’ and were encouraged to click on a link named ‘areps.at’ or ‘brunga.at’.

After clicking on this particular link users were sent to a fake Facebook log-in page where usernames and passwords were stolen.

This phishing scam follows one two weeks ago where users were directed to fake domains such as www.151.im, www.121.im and www.123.im.

A Facebook spokesperson told the New York Times that these previous phishing attacks were not widespread and only affected a small percentage of users.

Of course this is not the only privacy concern related to social networking site Facebook. The issue of third party applications asking for access to users’ private data has been a worry but Facebook’s recent decision to reward ‘safer’ applications is tackling this.


“When an application completes the verification process, they commit to extra steps for providing a trustworthy experience that meets your expectations,” said Sandra Liu Huang, program manager for App Verification at the social networking site.

By Marie Boran