by Elinor Mills

Updated at 4:20 p.m. PDT with Twitter phishing attack, at 4:10 p.m. with Facebook comment and 2:30 p.m. with attack also downloading malware onto computers.

Phishers were having a field day with Facebook and Twitter on Thursday.

A new phishing scam hit Facebook users that, like others in recent weeks, sends them to a Web site which steals their log-in information and also secretly downloads malware onto computers when they visit the malicious Web site in what is known as a "drive-by download."

Meanwhile, Twitter users were getting messages from new followers that were posting links to a fake Twitter site with "tvvitter" in the tiny URL, Graham Cluley of Sophos wrote in his blog. His blog has a video of the phishing attack in action. Twitter representatives did not immediately respond to e-mails seeking comment.

In the Facebook attack, messages circulated with a subject line of "Hello" and a prompt to check out "areps.at" or other URLs ending in ".at".

The URLS, before being blocked, directed the visitor to a fake Facebook page. If you logged in to the site, it would steal your e-mail and password, log you into Facebook, automatically change your password, and send the same message to all your Facebook friends, according to the All Facebook blog.

Spotted here