This afternoon, Facebook users began receiving emails appearing to be from Facebook carrying an invitation from a friend. Following the link though, takes the recipient to a phishing site.

Reports say the scam has been spreading quickly primarily because it all looks very legitimate. The email itself spoofs Facebook and features the name of the recipient’s actual friend, who appears to have sent them a message.

The body of the message itself says simply “Hello” in the subject line and provides a link that redirects to fbaction.net. That site spoofs Facebook’s login page, prompting users to enter their user name and password.

A short time later, users discover they’ve lost access to their Facebook account because hackers have changed the password and taken over. Once the hijack is complete, everybody on the victim’s friend list gets spammed as well and the process starts all over.

In a statement, Facebook says it has blocked the domain from being shared on the site, removing referring content, and resetting passwords of senders so attackers can no longer access Facebook accounts. In addition the company says they’ve asked Markmonitor to blacklist the domain and they’ve reached out to ISPs for information to file a civil suit or criminal case.