Security Management
Published on Security Management (http://www.securitymanagement.com)
Facebook Fights Phishing Attacks
By Matthew Harwood
Created 05/15/2009 - 14:17



    

Hackers have launched a large phishing scam against Facebook's 200 million [1] users to steal their user names and passwords, reports Reuters.

The hackers got passwords through a phishing attack, breaking into accounts of some Facebook members, then sending emails to friends and urging them to click on links to fake websites.

Those sites were designed to look like the Facebook home page. The victims were directed to log back into the site, but actually logged into the one controlled by the hackers, unwittingly giving away their passwords.

The purpose of such attacks is generally identity theft and the spread of spam.

The fake domains include www.151.im [2], www.121.im [3] and www.123.im [4]. Facebook has deleted all references to those domains.

Initially, the attack looks like it was focused on merely stealing the user names and passwords [5] of the popular social networking Web site's account holders rather than infecting their computers, reports PC World. Nevertheless, identity theft could still occur for people who reuse their Facebook user names and passwords on other sites, such as online banking.

A Facebook spokesman told The New York Times [6] that the company "is blocking links to new phishing sites, cleaning up phony messages and Wall posts and resetting the passwords of affected users."

To avoid phishing scams or blunt their damage, the general rules still apply: never click on links in e-mails you're not absolutely sure are legitimate; change passwords regularly; keep a close eye on the domain name (even if the site is spoofed, the URL will be different); and in the case of Facebook, adjust privacy settings.
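The "keep a close eye on the domain name" rule can be automated by comparing the parsed hostname of a link, not the raw text, against the genuine domain. The following is an added example, not code from the article or from Facebook; the function names, the choice of facebook.com as the only trusted domain, and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: only facebook.com and its subdomains count as the genuine site.
TRUSTED_DOMAIN = "facebook.com"
# The fake domains named in the article.
REPORTED_FAKE_DOMAINS = {"151.im", "121.im", "123.im"}


def hostname_of(url):
    """Return the lowercased hostname of a link, or "" if none can be parsed."""
    url = url.strip()
    if "://" not in url:
        url = "//" + url  # bare "www.example.com/path" has no scheme
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return ""
    return (host or "").rstrip(".").lower()


def within(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def classify_link(url):
    """Return 'reported-fake', 'trusted' or 'unknown' for a link."""
    host = hostname_of(url)
    if not host:
        return "unknown"
    if any(within(host, d) for d in REPORTED_FAKE_DOMAINS):
        return "reported-fake"
    if within(host, TRUSTED_DOMAIN):
        return "trusted"
    return "unknown"


# Constructed sample links; the last three contain the text "facebook.com"
# but do not resolve to a facebook.com host.
SAMPLES = [
    "http://www.facebook.com/login.php",
    "www.151.im",
    "http://www.facebook.com.121.im/login.php",
    "http://www.facebook.com@123.im/",
    "http://facebook.com.example.net/login.php",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):14} {link}")
```

A link classified as "unknown" is not confirmed safe; it only means the host is neither the trusted domain nor one of the domains reported in the article.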

Related Resources: 

"US-CERT: Phishers Dangle Swine Flu as Bait [7]," by Matthew Harwood, Daily Headlines, April 29, 2009

"New Online Threat: Recession Malware [8]," by Matthew Harwood, Daily Headlines, March 16, 2009

"Cybercriminals Merging Physical and Virtual Worlds in Fake Parking Ticket Attack [9]," by Matthew Harwood, Daily Headlines, Feb. 6, 2009


Source URL: http://www.securitymanagement.com/news/facebook-fights-phishing-attacks-005636

Links:
[1] http://software.silicon.com/security/0,39024655,39431368,00.htm
[2] http://www.151.im
[3] http://www.121.im
[4] http://www.123.im
[5] http://www.networkworld.com/news/2009/051509-facebook-slammed-with-another-phishing.html
[6] http://gadgetwise.blogs.nytimes.com/2009/05/14/more-facebook-phishing-trouble/
[7] http://www.securitymanagement.com/../../../../../../news/us-cert-phishers-dangle-swine-flu-bait-005566
[8] http://www.securitymanagement.com/../../../../../../news/new-online-threat-recession-malware-005351
[9] http://www.securitymanagement.com/../../../../../../news/cybercriminals-merging-physical-and-virtual-worlds-fake-parking-ticket-attack-005195