If you recently got a message in your Facebook inbox with links to FBAction.net, we hope you didn't follow them. If you did, we hope you at least didn't fall for the fake log-in screen that was waiting for you at the URL...
This recent phishing attack has made its way across Facebook by leading users to a convincing looking -- but fake -- Facebook log-in screen. If you enter your information, the scam site then locks you out of your account and sends the original message out to all your friends. Fortunately, at present time, it doesn't look like there is any additional malicious payload, which means no virus or no spyware. It's just account hijacking for the sake of it.
Facebook has already blocked the address, which should put an end to the annoyance, but some users are still locked out of their accounts until Facebook finishes cleaning up the mess.
The best way to avoid such attacks, as we always say, is using common sense. Don't follow links or open files from people and addresses you don't trust, and never enter passwords or other sensitive information in a page unless you're sure the site is secure. And always check the URL to make sure you're on the site you think you are.