Facebook applications have grown to become quite the phenomenon. There are applications on Facebook for all types of users, whether it be games, news feeders, birthday trackers, they're all available. Most of the time, the danger doesn't come from the application itself, it’s the actions a phisher can perform around the application to trick users.
One phishing attack method through use of Facebook applications is to create an application that will cause a fake error message on a victim's Facebook profile. The victim will use a popular search engine such as Google or Bing to determine why the error message is coming up. The very first result is actually a website designed to install malware or to redirect the victim to a fake Facebook log in page, or in some cases, both. The victim is either infected with malware or tries to log in and gives up their credentials.
Another phishing attack method is to combine the attack with spoofing, to create an application that will send out links to friends once installed. The victim installs the application, and the application spreads to friends. The application itself can be a game, but once the victim hits a 'high score,' they're asked if they want to post their score. A fake log in screen pops up and the victim gives their credentials away.