Security vendor Kaspersky Lab has reported a new phishing attack on Facebook that uses hijacked accounts to pose as the social network's security team and trick users into divulging credit card numbers. The latest scam is unique because it doesn't just try to get Facebook users to click on a link to a malicious Web site, David Jacoby, a Kaspersky Lab security expert, reported Friday on the SecureList blog. The attackers also use the stolen information to log into the person's account and swap the profile picture with a Facebook logo and change the name to "Facebook Security."