Facebook has confirmed reports that it has been targeted by phishing attacks over the past couple of days.
According to reports, messages linking to the websites fbstarter.com or fbaction.net were spreading fast through the social network.
Security firm Websense describes one of the phishing lures in 'fbstarter', which arrives in a user's Facebook inbox or is forwarded to their email inbox if forwarding has been configured.
The message contains a link that redirects the user to a Facebook phishing page imitating the real site's sign-in page.
Once they've entered their username and password, that's enough for an attacker to log into an account and spam a user's friends.
"Remember never to click on links in suspicious emails or messages and to only log in from legitimate pages with the Facebook.com domain," Facebook Security said in a wall post.
"You should make sure that your Facebook password is different from the passwords you use for other online accounts."
Facebook uses MarkMonitor to help protect users against phishing attacks, and recently expanded the deal to help protect against malware attacks.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.