According to 'Shantini’, a security researcher with F-Secure, the phishing messages are populated with what appears to be an app signature and fools recipients into thinking they are app-generated.
Shantini claims that, whilst phishing scams are nothing new on Facebook, "they still catch the unwary and they're still happening now, with only minor tweaks in tactics."
At the end of last year, Shantini and her team say they saw a run of phishing links being sent around via the chat feature.
"We're seeing a new run at the moment", she said, adding that the links look as if they would go to an app, but they instead just take the user to pages that look like the real Facebook log-in page.
Commenting on this latest Facebook phishing campaign, the Softpedia newswire says that an analysis of a similar campaign carried out by Kaspersky Lab security researchers last October revealed that accounts were being stolen at a rate of 150 per minute.
"Facebook's security team works hard to suspend the fake pages, but they don't always manage to keep up with the rate at which attackers create new ones", noted Lucian Constantin in his Softpedia report.
Citing research from Trusteer, the Softpedia editor notes that the first hour of a phishing attack is the most critical time, with half of phishing victims exposing their credentials during the first 60 minutes.