Hackers for the first time are targeting the popular social networking site Facebook with a phishing scam that harvests users' login details and passwords.

Some Facebook users checking their accounts Wednesday found odd postings of messages on their "wall" from one of their friends, saying: "lol i can't believe these pics got posted.... it's going to be BADDDD when her boyfriend sees these," followed by what looks like a genuine Facebook link.

But the link leads to a fake Facebook login page hosted on a Chinese .cn domain. The fake page actually logs the victims into Facebook, but also keeps a copy of their user names and passwords.

Soon after, the hackers post messages containing the same URL on the public "walls" of the users' friends. The technique is a powerful phishing scam, because the link seems to be coming from a trusted friend.

"A lot of phishing is moving out of financial services and going to online web sites that have not installed stronger authentication, sites that are not as close to the money," said Marc Gaffan, who heads product marketing for security firm RSA's Identity and Access Assurance Group.

Thanks to the exploding popularity of social networking services – and tightened security at financial websites – fraudsters are targeting networking sites to make money in a number of ways, according to security experts.

Hackers can use the compromised profiles to host Trojan horses such as key loggers that go on to steal banking passwords and credit card numbers.

And since many people use the same logins and passwords on multiple sites, the hackers can also check if stolen Facebook credentials will log them into eBay or Amazon, for instance.

And super-sneaky crooks may be interested in mining profiles for personal information that can be used to send carefully targeted spam or malware. If someone is listed as an NFL fan, for example, hackers may send him phony NFL messages to trick him into clicking a link or installing attached malware.

Dancho Danchev, an independent security consultant, said the hackers may be trying to harvest hundreds of accounts before embedding malware that automatically infects everyone who visits the infected profiles.

"If they register a phisher.cn domain they would have to advertise it so people will come across and get infected, (but) if they get access to profiles where people will return for sure, they won't reinvent the wheel," he said. "Moreover, they do internal spamming for the usual pharmaceuticals and porn stuff automatically."

Danchev has been tracking scammers using similar Chinese .cn domains to target MySpace user accounts, he said. "The common stereotype that it's all about the money is true in this case, because they will either embed the malware, or sell the accounting data to someone else who would do it," he said.

Rob Jensen, a systems consultant, found the phishing link on his wall when he logged in to Facebook on Wednesday morning.

"A friend of mine just left a wall post, just a blank URL, and I clicked on the link and found it was a phishing site," Jensen said. "I saw the .cn domain, and being in tech I suspected it."

Jensen said he sent a message to his friend to ask her what was going on, but hadn't yet told her she had been compromised and that she should log in and change her password.

Though the phishing link mimics a typical Facebook profile link by replacing forward slashes with periods, Jensen said he put the URL in a search engine and then clicked on it in Firefox, which identified it as a phishing site.

The offending URL is h–p://www.facebook.com.profile.php.id.371233.cn/, making 371233.cn the rogue domain name. It was registered in China in November using an e-mail address that was also the contact address for some 224 other similar domain names.
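The trick in that URL, turned into a defender-side check as an added example that is not part of the article: it extracts the domain the browser will actually resolve and flags hostnames that carry a trusted brand name only in their subdomain labels. The allow-list of trusted domains and the small multi-label suffix table are assumptions.

```python
# Added example: detect lookalike hostnames where a trusted brand is embedded
# in subdomain labels in front of an unrelated registered domain (e.g. the
# 'facebook.com.profile.php.id.371233.cn' pattern described in the article).
from urllib.parse import urlsplit

# Constructed allow-list of domains the user actually trusts (an assumption).
TRUSTED_DOMAINS = {"facebook.com"}

# Minimal set of multi-label public suffixes; a production check would use the
# full Public Suffix List (for example via the tldextract package).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.cn", "com.au", "co.jp"}


def registrable_domain(hostname: str) -> str:
    """Return the registered (apex) domain of a hostname, e.g. '371233.cn'."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return hostname.lower()
    if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES and len(labels) >= 3:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify_url(url: str) -> str:
    """Classify a URL as 'trusted', 'lookalike' or 'other'.

    'lookalike' means a trusted domain appears as a run of labels inside the
    hostname while the registrable domain is something else entirely.
    """
    # Tolerate defanged schemes such as 'h–p://' or 'hxxp://' by splitting on '://'.
    rest = url.split("://", 1)[-1]
    hostname = urlsplit("http://" + rest).hostname or ""
    apex = registrable_domain(hostname)
    if apex in TRUSTED_DOMAINS:
        return "trusted"
    # Look for a trusted domain as a contiguous run of hostname labels.
    labels = hostname.lower().split(".")
    for trusted in TRUSTED_DOMAINS:
        t_labels = trusted.split(".")
        for i in range(len(labels) - len(t_labels) + 1):
            if labels[i:i + len(t_labels)] == t_labels:
                return "lookalike"
    return "other"
```

Run against the article's URL, `classify_url` returns "lookalike", while a genuine `www.facebook.com/profile.php?id=...` link returns "trusted".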

Banks and online brokerages have hardened their sites against phishing attacks using a number of techniques, ranging from requiring users to use a physical token that generates a new passcode every minute to checking what machine is logging in and requiring more information when a user attempts to log in from a different machine or geographic area.

Users who fall prey to phishing scams should log in and change their passwords immediately, and do the same to their e-mail and shopping accounts if they used the same password for those services.

Facebook did not respond to requests for comment by deadline.