A new round of phishing attacks hit Facebook last week, a security researcher says. A compromised account sends a malicious link to friends. That link leads to a site that mimics the legitimate log-in page. The criminals are operating on the assumption that the Facebook password they acquire from any given user has a good chance of being the same password that person uses on other sites. Facebook has acknowledged the attack, and said it has reset passwords of compromised accounts and eliminated the phishing messages when it has found them.”]
Source: https://www.csoonline.com/article/2124023/phishers-harvest-facebook-passwords-for-profit.html