When users like Wooden receive a message from a friend they trust -- and when the spammers take care to craft a message similar enough to Facebook -- they let down their guard.
Smith also said that as Facebook welcomes scores of new users, about 3.5 million each week, it creates a large audience of people who haven't been exposed to the kinds of phishing attacks that hit social networking sites.
"I think we've seen as new users have joined, it takes some time for users to figure out how to use new communication tools," he said, adding that many new users are over 35 and new to this kind of social environment.
"These are kind of the new kids on the block and so it's a little easier to pick on them," he said.
Facebook's Schnitt, however, said that they had not established any correlation between new users and the attacks.
"While we'd like to avoid attacks like today, every time they happen, more people become aware of phishing and how to avoid it on all sites, not just Facebook," she said.
He also cautioned users to only log in to sites when www.facebook.com is in the browser and to be very cautious of any messages or links they find on Facebook that ask them to log in again. Keeping unique logins and passwords for different sites is also helpful.
Earlier this week, Facebook announced the launch of a new program that, much like Twitter, allows users to opt to make their newsfeed information public. Schnitt said that these attacks had no relation to the new program.
One possible upside of the scam?
Even when it's infected, Facebook connects people.
In one shot, the virus reached out to about 218 of Wooden's Facebook friends, many she isn't in touch with on a regular basis.
"I got a lot of [messages saying] 'I haven't heard from you in a while,'" she said. "It brought us together."