This tricky scam is at large and fooling iOS users — stay alert and don’t fall for it.

A new cyber-scam collecting social media account logins is making its way through iOS devices, fooling users with its realistic-looking login process, which is really a video simulation. Unsuspecting victims are entering their Facebook credentials into the fake login screen, which then sends the credentials straight to the malware’s C&C (command and control server).

The scam begins with an authentic-looking webpage, such as Airbnb, prompting the user to log in with their Facebook account. When the user taps the “Login with Facebook” button, a video seamlessly plays that makes it look as though Facebook is being opened in another Safari window on the device. The user is then prompted to enter their Facebook login credentials.

Experts say a discerning eye can spot the gaffes in the ruse, namely that while the fake Facebook tab is “opening up,” the origin URL remains minimized over the process, showing that the user is still on that malicious site. All the same, users not on the lookout for something phishy may not notice, as the video simulation of a new tab opening looks largely familiar and normal to what they typically see on their iOS devices.

To ensure you don’t fall victim to this and other insidious phishing attacks, Avast recommends the following: