It all started with e-mails pretending to come from Facebook, luring users to a bogus website made to look like the Facebook login page.

Needless to say, the page was designed to store all the login data input by the victim and later provide the scammers with usernames and passwords.

Facebook has already taken several steps to defend users from this attack. The social networking site blocked the page, so the link can no longer be sent to Facebook users. Furthermore, even if the link somehow reaches a user’s e-mail and the user tries to open it, access to the URL has been blocked.

Last but not least, Facebook decided to automatically reset the password on all the accounts that sent the malicious link.

The company warns users to be careful of phishing attacks and issued a small set of rules regarding online security:

– Use an up-to-date browser that features an anti-phishing black list. Some examples include Internet Explorer 8 or Firefox 3.0.10.
– Use unique logins and passwords for each of the websites you use.
– Check to see that you’re logging in from a legitimate Facebook page with the facebook.com domain.
– Be cautious of any message, post or link you find on Facebook that looks suspicious or requires an additional login.
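
The facebook.com domain check from the list above can be done mechanically. The following is an added example, not code from Facebook or from the original article: the function name, the constant and the sample links are constructed for illustration, and the HTTPS requirement is an extra assumption of this example.

```javascript
// Added example: decide whether a link really points at the facebook.com domain.
// TRUSTED_DOMAIN, isLegitimateLoginUrl and SAMPLE_LINKS are names made up here.
const TRUSTED_DOMAIN = "facebook.com";

function isLegitimateLoginUrl(link) {
  let url;
  try {
    url = new URL(link); // WHATWG parser: the same rules a browser applies
  } catch {
    return false; // not a parseable absolute URL
  }
  // Assumption of this example: a login page must be served over HTTPS.
  if (url.protocol !== "https:") return false;
  // Text before "@" is userinfo, not the host; reject links that use it as a disguise.
  if (url.username !== "" || url.password !== "") return false;
  // hostname is already lowercased and internationalized labels are in
  // punycode (xn--...), so look-alike characters cannot match by accident.
  const host = url.hostname.replace(/\.$/, ""); // tolerate a trailing root dot
  // Exact match or a true subdomain. A bare endsWith("facebook.com") would
  // also accept "notfacebook.com", hence the leading dot.
  return host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN);
}

// Constructed sample links (example domains only).
const SAMPLE_LINKS = [
  "https://www.facebook.com/login.php",                   // genuine
  "https://www.facebook.com.login-check.example/login.php", // trusted name used as a prefix
  "https://facebook.com@login-check.example/",            // trusted name in userinfo
  "https://notfacebook.com/",                             // suffix without a dot boundary
  "https://f\u0430cebook.com/",                           // Cyrillic "a" look-alike
  "http://www.facebook.com/login.php",                    // right host, no TLS
];

function checkSamples() {
  return SAMPLE_LINKS.map((link) => [link, isLegitimateLoginUrl(link)]);
}

for (const [link, ok] of checkSamples()) {
  console.log((ok ? "OK      " : "REJECT  ") + link);
}
```

Only the first sample is accepted; each of the others places the trusted name somewhere other than the end of the host.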