Abstract: In this post I will talk about the dangers of opening suspicious links and not exercising common sense. I made a mock-up phishing site for Facebook which, with slight modification, could be used to send user credentials to a server-side database (MySQL).
Background: The reason I am posting this is to highlight how easy it is for someone to mimic a popular website and, with some social engineering, steal usernames and passwords. The simplest method is to get a free web hosting account (for example on 000webhost.com) registered under a throwaway email address, so there is no trace of who you are, then visit the site you want to phish and copy the source code of its login page. This is exactly what I have done with Facebook. The next step is to modify the login form so that, instead of posting to Facebook, it submits the username and password to a script on your own host that stores them in your database and then forwards the victim to the real Facebook, so they are none the wiser.
In order to get people to your "Fakebook" you can use a variety of vectors, such as email spam, or tampering with shared or demonstration computers (say, the ones on display in an Apple Store) so that their Facebook shortcut opens the phishing site instead.
Protection: The way to protect yourself from this is to use common sense. Look at the URL in the address bar of the page you are logging into and make sure it really is the site's own domain (not a lookalike, and not a free hosting domain), and of course don't open emails that seem suspicious or that ask for your user information.
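The two things the post turns on are the modification described under Background (the cloned login form now posts to a script on the phisher's host) and the check described under Protection (look at the URL). The script below, an added example that is not part of the original post and not the mock-up site itself, makes that check explicit: it parses a page, finds every form containing a password field, resolves where that form actually posts to, and flags the form if either the page's own host or the form's target host is not the domain the page claims to be. The sample pages and the hostname fakebook.example are constructed for the demonstration.

```python
"""Audit the login forms on a page: does each one post the password to the site
the page claims to be?  Added example, not code from the original post."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Collect every <form> with its action/method and the <input> fields inside it."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {
                "action": a.get("action") or "",
                "method": (a.get("method") or "get").lower(),
                "fields": [],
            }
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["fields"].append(
                {"name": a.get("name") or "", "type": (a.get("type") or "text").lower()}
            )

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def on_site(host, expected_host):
    """True only if host is expected_host or a subdomain of it.
    A lookalike that merely contains the real name (facebook.com.fakebook.example) fails."""
    host = (host or "").lower()
    return host == expected_host or host.endswith("." + expected_host)


def audit_login_forms(html, page_url, expected_host):
    """Return one finding per form that contains a password field.

    page_url is the URL shown in the address bar (what the post tells you to look at);
    expected_host is the domain the page claims to be, e.g. "facebook.com".
    """
    parser = FormCollector()
    parser.feed(html)
    page_host = urlsplit(page_url).hostname or ""
    findings = []
    for form in parser.forms:
        pw_fields = [f["name"] for f in form["fields"] if f["type"] == "password"]
        if not pw_fields:
            continue  # search boxes and the like are not credential forms
        # A relative action resolves against the page's own host; on a cloned page that
        # is the phisher's host, which is exactly the modification the post describes.
        target = urljoin(page_url, form["action"])
        action_host = urlsplit(target).hostname or ""
        findings.append({
            "page_host": page_host,
            "action": target,
            "action_host": action_host,
            "method": form["method"],
            "password_fields": pw_fields,
            "suspicious": not (on_site(page_host, expected_host)
                               and on_site(action_host, expected_host)),
        })
    return findings


# Constructed sample: a cloned login page on a free web host, with the form action
# rewritten to a local login.php (the host fakebook.example is hypothetical).
CLONED_PAGE = """<html><body>
<form id="login_form" action="login.php" method="post">
  <input type="email" name="email"><input type="password" name="pass">
  <input type="submit" value="Log In">
</form>
<form action="https://www.facebook.com/search/" method="get"><input type="text" name="q"></form>
</body></html>"""

# Constructed sample: what the genuine page looks like from the audit's point of view.
LEGIT_PAGE = """<form action="https://www.facebook.com/login.php" method="post">
<input type="email" name="email"><input type="password" name="pass"></form>"""

# Constructed sample: a lookalike host that contains the real domain name as a prefix.
LOOKALIKE_PAGE = """<form action="https://www.facebook.com.fakebook.example/login.php" method="post">
<input type="password" name="pass"></form>"""

if __name__ == "__main__":
    for name, html, url in [
        ("cloned", CLONED_PAGE, "http://fakebook.example/login.html"),
        ("legit", LEGIT_PAGE, "https://www.facebook.com/"),
        ("lookalike", LOOKALIKE_PAGE, "https://www.facebook.com.fakebook.example/"),
    ]:
        for f in audit_login_forms(html, url, "facebook.com"):
            print(name, "SUSPICIOUS" if f["suspicious"] else "ok", "->", f["action"])
```

Note that the check deliberately compares whole hostnames rather than searching for "facebook.com" anywhere in the URL: the lookalike sample passes a substring test but fails here, which is the same distinction a user has to make when reading the address bar.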