Writing in his countermeasures security blog late yesterday, the security vendor's solutions architect says that the latest round of phishing messages appears to come from Facebook's 'customer care' operation and warns that users will be "disconnected from our server due to several violations."
The nature of the violations, he says, is unspecified, but helpfully the scam artists – "for that is indeed what they are" – offer a link where you can 'Confirm your identity.'
According to Ferguson, if a user is concerned enough to click the link in the message, they will be taken to a replica of the Facebook website claiming to represent Facebook Security.
"It's not just about Facebook credentials", he says, "as the enterprising fraudsters are also after users' dates of birth and email credentials as well."
Ferguson says that he has already alerted the incident handlers at Facebook about these scam messages, and is now alerting users via his blog.