areps.at is the Latest Facebook Phishing Scam

Like other, recent Facebook phishing scams, the end result of clicking on areps.at is being redirected to a site that looks a lot like the Facebook login page, just as the prior scams did.

Assuming you fall for it, and login, your username / password will be stolen and you'll be logged into Facebook, but within a short period of time the phishing system will change your password and lock you out of the site.

The scam then goes on to send the same URL to all your friends. Fortunately, the areps.at site has already been shut down. Unfortunately, new sites (and phishing messages), all with the .at (Austria) ccTLD: bests.at, kirgo.at and nutpic.at. While Firefox has blocked at least areps.at (you'll get a Web Forgery warning), you can still reach nutpic. at at the time of this writing.

The good thing is these guys haven't been as diligent at making accurate copies of the login page. Witness the word "helps" instead of "help" in the above image. The bad thing is many will still click through.

As I've indicated before, Carnegie-Mellon has developed a game that teaches users to avoid phishing scams, which I've written about previously. I'd recommend everyone take a look at it; it's very helpful.