A series of phishing attacks have struck Facebook and has continued on for a second day.
The first attack, which was down using the FBaction.net domain, was stopped within a few hours, according to a Silicon.com report. However, it came back againthe next day with another domain, in this case BAction.net.
Ryan McGeehan, threat analyst for Facebook, said phishing attacks are a fairly commonplace occurrence at the Facebook site, occurring every few weeks.
We've seen attacks like these before, said McGeehan, whose job is to identity and respond to security events. We expect them. It's nothing out of the ordinary.
So how exactly does this attack work if you are a Facebook user?
The attack comes to you in your Facebook inbox as a terse message with a link in it. When you click on the link, and you are prompted to log in to a fake Facebook login page. By logging in, the attackers have your credentials, which they then use to pass the attack on to everyone in your Friends list.
Always make sure that when you log in to Facebook that you are actually logging in to facebook.com.
If you or one of your friends has this problem and Facebook finds out you may end up with Facebook resetting your password for security purposes. Be on the lookout for notices from Facebook about this.