The millions of users of the social networking site Facebook are being hit by a new phishing scam, which ends up in crashing their computers or mobile phones, and stealing their passwords. Security experts have cautioned the Facebook users not to open the files ending with ".at" or ".be".

The new phishing scam is being executed through the spam messages that steal the sensitive information of Facebookers. The spam messages typically feature a subject line saying "Hello" and entice the facbookers to look into "areps.at" or other URLs ending in ".at".

The mails featuring the the subject line "Look at This" and links, such as goldbase.be, greenbuddy.be, silvertag.be, picoband.be, takes the victim facebookers to some malicious Web sites, which secretly downloads malware onto their computers thru a "drive-by download" application. The links lead the victims to a fake Facebook page, and when the victims again login to the site (Facebook), their mail ID and password is stolen.

In its blog, Facebook has cautioned that the users should imidiately change their passwords, after they are attacked. The social network has said that the scammer has been collecting info about a large number of e-mail addresses and passwords over the past few weeks.

According to Facebook spokesman Barry Schnitt, "The impact of this attack or the previous ones is not widespread and only impacted a tiny fraction of a per cent of users.”

Schnitt told that Facebook has been updating its monitoring systems with information gleaned from the previous attacks so that each new attack is detected more quickly. He told that Facebook has blocked links to the new phishing sites, and the site is removing phony messages and wall posts and resetting the passwords of victimized users.