McGeehan said education of users about the threat remains one of the main ways to try and prevent phishing at Facebook. He notes that it appears the phishing attacks against Facebook and its users that surge from time to time do appear to be clearly oriented to provide the attackers with a way to make money via click-throughs for ads. When there are high volumes of phishing, it's easy to spot, but the tougher attacks are those that are more subtle, he said.