SMS from a potentially unknown source contains a demand and a masked link to a Facebook phishing page. The number of visitors to that link, as of this writing, seems to have been increasing. The full code of the page is actually hex encoded and executed by the unescape function. Once users provide their Facebook credentials to the page, these are then posted to a.PHP page hosted on 193[dot].107[dot]107 [dot]17[dot ]68, which is quite a popular location for hosting malware.”]
Source: https://blog.malwarebytes.com/cybercrime/2014/08/phishers-hook-facebook-users-via-sms/