Facecrooks security shares a warning related to malware attacks that present credit card forms for users to fill out in the Facebook environment.  These attacks should be avoided. 

[Malware Alert] Beware of Rogue Forms Asking for Credit Card Info

QUOTE: Trusteer researchers released the details of a sophisticated new malware attack targeting Facebook users. The goal of the Ice IX malware scheme is to steal credit card information and personal account information. This is accomplished by using a web injection cycle to display a malicious web page in the victim’s browser.

The form tries to obtain cardholder name, credit card number, expiration date, CID and billing address. Users are advised this form must be completed to verify their identity and to further secure their Facebook account. Once a user falls for the scheme, the form data is delivered to the malware authors using an instant messaging script. This is especially dangerous since it allows for immediate account access. Check out their blog post to see an example of the rogue form in action and to see a walkthrough of a marketing video discovered in underground forums. The scammers use this video to showcase how web injection attacks are perpetrated.