It would be easy to think that once someone has logged in successfully to Facebook—and not a phishing site—that the security threat is largely gone. However, that’s not quite the case, as we’ve seen before.