The recent Facebook phishing attack we reported on the other day has apparently continued at least for a second day.
This report on Silicon.com notes that the first one, using the FBaction.net domain, was stopped within a few hours. As we warned, it came back the next day with another domain, in this case BAction.net.
The attack comes to you in your Facebook inbox as a terse message with a link in it. Click on the link and you are prompted to log in to a fake Facebook login page. Log in and the attackers have your credentials, which they then use to pass the attack on to everyone in your Friends list. Always be certain when you log in to Facebook that you are actually logging in to facebook.com.
If you or one of your friends has this problem and Facebook finds out you may end up with Facebook resetting your password for security purposes. Be on the lookout for notices from Facebook about this. (full Story)