Another phishing attack is making the rounds on Facebook today. Like previous attacks, this one encourages users to enter their Facebook login information on a site that looks real but isn’t (this time, it’s fbaction.net – no link intentionally). Currently, it appears as though the phishers aren’t attempting to get users to download viruses or malware, but simply trying to steal passwords.
It’s unclear how many people are affected, but Facebook has already responded by blocking links to the site from within Facebook, and phishing directories used by many browsers and ISPs to prevent further spread of the attack appear to have already flagged the server too.
Generally, Facebook catches most attacks like this through automated spam filters before they become very widespread (with the exception of the Koobface worm last year), though it can never prevent phishing attacks completely. In the past, Facebook has filed suit against large spammers like “Spam King” Sanford Wallace, so it’s possible that Facebook might press charges against the perpetrators of this attack as well.