UPDATE: We’re told the scam is now using multiple URLs ending in “.im”, as Facebook has blocked ponbon. Simple rule: don’t click links in Facebook messages that look suspicious.
Be warned that there’s another Facebook scam going around today: compromised accounts are sending out links to a site named “ponbon.im”, as shown in the image - do not visit this site. Our guess is that the attack is using accounts that were compromised previously - if you receive the mail, simply delete it without visiting the link.
The advice to avoid having your account compromised remains the same: make sure you run an up-to-date virus scanner, keep your OS updated, make sure you’re running the latest version of your web browser and do not enter your social networking passwords on third party sites.
If you’re concerned you might be affected by this or other scams, run a full virus scan on your system, clear the cookies in your browser (used by XSS attacks) and change your password for the compromised account.