There is a new phishing attack that is well-crafted and may fool even the most vigilant person.
As an example, the attacker creates a web page with a seemingly innocent article and a login button that asks you to use your Facebook credentials to see the article in full. Normally, this type of login opens a separate, smaller window containing the OAuth login box. This attack instead creates a block of HTML within the same page that is an almost exact replica of an OAuth dialog. The fake login even shows the correct URL and HTTPS, complete with a green security icon, in its “address bar”, just as you would normally see it.
The example above shows how an attacker might use a Facebook login to deceive you into providing your credentials. Many other web sites, such as Google and Microsoft, also make use of OAuth logins. As a precaution, in addition to following general anti-phishing guidelines, always try to drag login popups away from their initial position and look for abnormal behavior: a genuine popup is a separate window, while the fake one is part of the page that displays it. Stay vigilant while browsing the Internet.
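A triage heuristic for the fake dialog described above, as an added example that is not part of the original article: it flags a page that asks for a password in its own HTML while also drawing, as plain text, an HTTPS URL for a different host (the imitation address bar). The class and function names and both sample pages are constructed for illustration, and the check will miss an address bar rendered as an image.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_TEXT = re.compile(r"https://[\w.-]+(?:/\S*)?")
VOID = {"input", "br", "img", "meta", "link", "hr"}  # tags with no end tag

class OverlayScanner(HTMLParser):
    """Collects password fields and URL-looking text drawn by the page itself."""
    def __init__(self):
        super().__init__()
        self.stack = []           # currently open tags
        self.password_fields = 0
        self.drawn_urls = []      # URL text outside <a>, <script>, <style>

    def handle_starttag(self, tag, attrs):
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.password_fields += 1
        if tag not in VOID:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in self.stack:     # tolerate unclosed inner tags
            while self.stack.pop() != tag:
                pass

    def handle_data(self, data):
        if not {"a", "script", "style"} & set(self.stack):
            self.drawn_urls += URL_TEXT.findall(data)

def foreign_hosts_on_login_page(html, page_url):
    """Hosts shown as text on a page that also asks for a password itself."""
    scanner = OverlayScanner()
    scanner.feed(html)
    scanner.close()
    if not scanner.password_fields:
        return []
    page_host = urlsplit(page_url).hostname
    hosts = {urlsplit(u).hostname for u in scanner.drawn_urls}
    return sorted(h for h in hosts if h and h != page_host)

# Constructed sample: the article page draws its own "login window" in a <div>.
FAKE = """<article>Read the full story</article>
<div class="window"><div class="addressbar">https://www.facebook.com/login.php</div>
<form><input type="email"><input type="password"></form></div>"""
# Constructed sample: the article page only offers a button that opens a real popup.
REAL = '<article>Read the full story</article><button>Log in with Facebook</button>'

if __name__ == "__main__":
    print(foreign_hosts_on_login_page(FAKE, "https://news.example/article"))
    print(foreign_hosts_on_login_page(REAL, "https://news.example/article"))
```

A non-empty result is a reason to review the page, not proof of phishing: a legitimate login page may mention another site's URL in its text.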