A phishing campaign targeting Facebook users is currently under way. It lures users with messages that come from compromised accounts and appear to contain links to various Facebook applications.
Users unfortunate enough to click on the link are not taken to the promised page, but to a phishing page resembling the social network’s login page.
Upon closer inspection, the user might notice that the page’s URL is not Facebook’s, but that of a page hosted on a .ru domain. Unfortunately, not all users are thorough enough to check, and may simply assume they have been inadvertently logged out of the social network.
F-Secure says that the malicious messages haven’t spread far yet, so they are hoping that the campaign will die out soon. Some of the phishing pages have already been blocked, but there are still some active – so be careful.