Would it be fairly easy for someone to obtain your login info on facebook through a fishing method?

[Mr. B]

For example, would it be possible to intercept an email notification from facebook, create a duplicate containing a link to a bogus fb login page, and still have the fake login page direct you to your legit fb account?

[guiltyspark502]

Done it many times, you need to send the link via E-mail on a page that completly represent a message from facebook.com. Also make sure that the email adress that you are sending from is close to something that facebook would use.

[Katherine J]

Yep...facebook had this problem a few weeks ago. I received a fake login page via one of my facebook emails. It had a link which looked exactly like facebook's login page. It's an easy trap to fall into. You find yourself automatically typing in your info before your mind can answer the question of "why" you are being asked to login again...yes, it happened to me!
Once you've entered your information, they've (whomever is on the other side) got it. They will then spam the same email (or worse) to all of your friends. And that's the least of what they can do. If you think this has happened, you need to change your password on every site you visit, that is, if you use the same password - as well as notify facebook.