A new phishing attack bent on stealing Facebook credentials has been spotted. The attack reproduces a social login prompt in a very realistic format inside an HTML block. That block is embedded on a malicious website that victims must first be convinced to visit. The status bar, navigation bar, shadows and content were perfectly reproduced to look exactly like a legitimate login prompt. The only way to protect yourself from this type of attack is to actually try to drag the prompt away from the window it is currently displayed in.
Source: https://threatpost.com/sneaky-phishing-scam-facebook/141869/