The scam involves a notice appearing on the wall of user profiles as a message from a friend, saying “Hey, I got a new facebook account. Im going to delete this one, so add my new profile” then with a link that appears to be a link to the new profile. The actual link goes to a URL on view-facebookprofiles.com, a domain registered (and whois protected) on Namecheap and hosted at Softlayer that looks identical to the Facebook login page:
Users fooled into resubmitting their Facebook details on this page then have their Facebook accounts hijacked and all of their contacts receive a similar message, propagating the phishing scam.
It’s not clear yet exactly what the phishing scammers are planning on using the compromised accounts for, or how far it has spread. One tipper claimed that many of his friends had been caught as well.