Here’s one in-the-wild phishing campaign that we spotted homing in on users. Unfortunately, we couldn’t trace back the origin of this campaign; however, it’s highly likely that it started off as an email pretending to be a notification. As such, be wary of any received emails containing URL(s) that may lead you to a name similar to Facebook but malicious in nature Apart from asking for email address and password—credentials used to access a Facebook account—from the user, it also wants to get his/her webmail and corresponding password, date of birth, security question and answer, and country of origin—information that are irrelevant at best when enabling disabled accounts in general. A “Payment Verification” page when users only want their accounts enabled? Uh-oh. Unfortunately, this section cannot be skipped, which effectively forces users to make them think they’re “buying” Facebook Credits—perfect excuse to ask for payment details. Finally clicking “Confirm” after filling in credit card details opens the legitimate Facebook page on users’ “Statement of Rights and Responsibilities“.