I received a very real looking facebook phishing email today. The email said "[someone] has posted a comment on your wall" the clever part was the use of a persons name from my friends list in place of [someone]. This gave it a very real look and feel.
When the link was clicked I was taken to a very accurate clone of the facebook login page. It was not however on the facebook website. Had I logged in I would have given away my user name and password.
Always make sure you only log in to any website if you are 100% sure you are actually on the website.