Yow, I just got successfully phished on the Facebook Android app. I clicked on "Your friend X tagged in a post" and this thing managed to put a browser window over the top of the FB app so it looked like I was still in the app, totally consistent style, and asked for a Facebook login, which I haven't done for years so I thought made sense. I fell for it, and I bet most people wouldn't have noticed it was sketchy, which I fortunately did; password hastily changed….