The address is phish(at)fb.com. Anyone — even those who aren't on Facebook — can use it to report malicious emails that pretend to come from Facebook.
Known as phishing, such emails attempt to get passwords and other information by pretending to come from a legitimate business. Because many people use the same passwords at banking and other sites, someone who gets account information for Facebook can log on elsewhere.
Facebook Inc. says scams tend to contain information that's more vague than what's in legitimate emails from Facebook.
Facebook says it will report scams to outside security companies and notify blacklists that Internet companies keep to block malicious websites. It will also prevent users from posting such links on Facebook.