Minecraft servers are at risk of greifing at a whole new level. Attackers are able to log in as you or another member of your staff and wreck havoc. How? When you log in a server, it puts you through a test to identify that you are indeed you. Normally an attacker cannot pass the test, however, if they lure you on their own server, they can forward the test directly to you and obtain the solution to the answer through you, which they use to login into your server while you are on their server. By this point, they might op their account, or give them creative, etc. This kind of attack is completely unnoticable by you or the server itself, and is really dangerous. Certain steps can be taken to ensure the well being of your server, first, DO NOT log into servers which members on your server provide the ip address to, if a player is insistant for you or a staff member to join his server, chances are that he is an attacker. Second, get a login plugin, one that makes you login with a password in game. Information is key to preventing server attack of this sort, the more you know the more you are able to defend your server.
A server owner posted this, which clearly shows one of these attacks in the logs:
Dont fall victum to one of these attackers!