We are aware of this phishing domain and have already begun to take action. Specifically, we have passed the domain on to Markmonitor who pushes the domain to the browsers for blacklisting. They will also actively try to disable the site at the server/domain level for people who don’t have updated browsers.

Our user operations team has blocked the domain from being shared on Facebook and is removing the content retroactively from any messages. They will also be resetting passwords of senders to remove access from an attacker. We’re also reaching out to the ISPs to get information and will attempt to build a civil and/or criminal case against the owners.

Here’s a sample of the message that FBAction sends to facebook users:

YOURFRIEND sent
you a message.
Subject: Hello
“Visit http://www.facebook.com/l/4253f;http://fbaction.net/”

If you enter your details in the link, it will spam all your friends with the same message and link.