The initial bait is a message that you may receive from one of your Facebook friends, whose account was compromised. The message claims to contain a link to images that show a crime that was committed against the friend or a close relative of the friend. The images then claim to be housed on Tumblr. Once the user clicks on the link to the Tumblr page, they are immediately redirected to a very plausible Facebook phishing page, asking the user to log in. The fake Facebook page will ask the user for a username and password as well as for a “secret question””]
Source: https://isc.sans.edu/diary/Facebook+Phishing+and+Malware+via+Tumblr+Redirects/17207