Hey Guys, I was looking at a fan page and this is how it works. Lets say they are starting off with 5 accounts each with 1000 friends. Then they invite everyone to the fan page. Once they have about 500 members they start phishing the user's pws. Then they use them accounts to invite their friends (they might get recovered but by that time, they've already phished some of their friends, so the chain gets bigger). All the legit accounts have friends, and the friends trust the phished account so they'll join the page and then get phished. I noticed this as one of my accounts which I use to research other fan pages was phished and my other accounts (which were added as friends to my main research acc) were invited to the fan page. I thought I must've invited myself or something but later I realised it was a phishing scam. The page has been shut down now (it was a click here to see photo page) but it had about 30k members. It must have achieved this in about a day with hardly any work. I didn't manage to see hwo it worked but i'm pretty sure there was a captcha involved (the account is verified) so they must've used the <fb:captcha> command. Do you think the owner's been prosecuted? I gotta admit though it was a pretty good scam.