1Fake URL: A real Facebook URL looks like facebook.com. Phishing sites use lookalikes like faceb00k.com, login-facebook.net, or random domains with "facebook" in them.
2No HTTPS / Bad Certificate: Check the browser's padlock icon. Phishing sites may lack a valid SSL certificate or use a self-signed one.
3Credential Harvesting: You just typed your email and password — on the real Facebook those go to Meta's servers. Here they could go anywhere (a hacker's server, a database, or nowhere).
4Urgency / Deceptive Links: Phishing emails often say "Your account will be suspended!" to pressure you into clicking without checking the URL.
5Visual Cloning is Easy: This entire page was built in minutes. Pixel-perfect looks do NOT mean a site is legitimate.