This thread is mainly for reporting rulebreaking that has happened on the forums themselves, rather than off-site, but I can offer the following advice:
In the case where a player ingame is asking you to visit a website, especially one that might be dangerous, you are encouraged to report this using the in-game report system for "Website Advertising" - this sends Jagex the chat of what was said so they can take a look into it. This is the only means of reporting what is said ingame, as other means of reporting often lead to edited content being sent that doesn't reflect what actually happened. Reporting ingame directly captures what actually happened.
With regards to the Facebook page being used for phishing activity, the best thing to do there would be to report the page to Facebook - after all, if its hosted on their site, its something that they should be taking care of.
As for the fake RuneScape URL, Jagex does want to know about those - you can forward the information about that URL to the "[email protected]" email address. Do not log in using the login form on that site though - the site is designed to steal your RuneScape information, allowing someone to potentially steal your account. You can read more on phishing in the
Support Centre