The malicious email claims that the recipient's account has been blocked and "may not be authentic":
Clicking on the offered link takes the victims to a fake Facebook login page where they are urged to enter their email and password in order to reactivate their accounts.
After "logging in," the victims are asked to enter additional information to "secure" their accounts and "protect" their payments: email address and the password for the email account, date of birth, name, credit card number, type, expiration date, security code, and billing address.
Those who get tricked into submitting all this information will probably have their Facebook and email accounts hijacked by cyber crooks and used to propagate further scams. Unfortunately, they are also likely victims of future identity theft and credit card fraud schemes.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.