Symantec researchers shared a particularly well-executed one that tried to trick users into believing that a new, mandatory verification process for Fan Pages has been instituted by Facebook (click on the screenshot to enlarge it):
The phishing page - titled “Ensuring Social Security” and hosted on a server in the United States - claimed that any Fan Pages that are not verified before 30.05.2013. would be shut down.
When the victims submitted the asked for Fan Page name, email address, password, and security code, they would be informed that the Fan Page is being verified and they will be notified within 48 hours when the process is completed.
"The fake application site was designed to look like an official application site," the researchers noted, adding that the phishers also took care to use SSL, so that the page would look legitimate and trustworthy.
This particular campaign was active in May, but users should do well to be on the lookout for similar ones all the time.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.