Logically, Facebook would never need to contact an employee to tell them there was a message from the IT department. But in a bring-your-own-device (BYOD) era, people are increasingly used to ignoring the "rules" surrounding workplace IT, so it makes sense that phishing email pretending to be Facebook telling you about policy problems is doing the rounds.
This message has my name on it, which in itself distinguishes it from 99 per cent of the phishing I see. But over and above the dodgy sender address, it only takes a quick hover to confirm that it's a fake:
The lesson? Make sure you educate your users, and install security software on as many devices as is feasible.