Phishing scheme targeting the Facebook registered members

Jan 3, 2008 13:17 GMT

It was only a matter of time, but I can't really find a reason for stealing somebody's Facebook login credentials since the service is free for all. Maybe spamming or infecting people's computers is enough to convince attackers to launch phishing schemes on the web... However, a phishing scheme has already been identified in recent days, in which a Chinese domain hosted a Facebook-like website asking for users' login credentials. The URL of the phishing website looks similar to that of a Facebook profile, and every time it is visited, it asks for your username and password.

The website was first discovered by Scott Fish, who reported that "a few of my friends have WALL postings that include a URL that LOOKS LIKE it goes to a Facebook account. But in reality it is really a Numerical Chinese domain name that has subdomains tucked onto it to look like it's a Facebook URL."

Although I got the URL of the phishing website, I'm not going to disclose it because at the time of writing this article it is still accessible, so I don't want you to become a new victim of the attack.

Getting back to the scheme, it appears that it was helped along by some hacked accounts that included links to the malicious URL. Or maybe some people added the phisher as a friend, who knows. But one thing is sure: you might see the malicious URL right on your friends' profiles, along with some enticing messages. Here's one of these messages, posted by Scott Fish:

"lol i cant believe these pics got posted?.its going to be BADDDD when her boyfriend sees these- [phishing website]."

So next time you're asked to provide your Facebook login details, don't do it unless you're 100 percent sure that you're not a victim of a phishing scheme affecting the popular social networking website.
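The trick Scott Fish describes, a numeric domain with Facebook-looking subdomains tucked in front of it, can be caught by reading the hostname from the right instead of the left. The Python sketch below is an added example, not part of the original article; the sample links are constructed placeholders on the reserved `.example` TLD, and the check also covers the related `user@host` variant, which goes beyond the case reported here.

```python
from urllib.parse import urlsplit

# Assumption: the only registered domain that should receive Facebook logins.
LEGIT_DOMAINS = ("facebook.com",)
BRAND_TOKENS = ("facebook",)


def classify_link(url):
    """Return 'legitimate', 'lookalike' or 'unrelated' for a posted link."""
    # urlsplit only finds the host when a scheme or leading '//' is present.
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "unrelated"
    # The right-hand end of the hostname decides who owns it. The leading dot
    # in the suffix test keeps 'notfacebook.com' from passing as a subdomain.
    for domain in LEGIT_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "legitimate"
    # Brand name in the subdomain labels or in the userinfo part of a host
    # that is not Facebook's: the pattern described in the article.
    netloc = parts.netloc.lower()
    if any(token in netloc for token in BRAND_TOKENS):
        return "lookalike"
    return "unrelated"


def flag_lookalikes(urls):
    """Return only the links that imitate the brand on a foreign host."""
    return [u for u in urls if classify_link(u) == "lookalike"]


# Constructed sample wall-post links (not the URL from the incident).
SAMPLE_LINKS = [
    "http://www.facebook.com/profile.php?id=1",
    "http://www.facebook.com.profile.id.1234567.example/login.php",
    "http://facebook.com@1234567.example/",
    "http://1234567.example/pics",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(classify_link(link), link)
```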