Scammers impersonating Facebook are getting more and more sophisticated. They often craft messages that look and sound very much like legitimate notifications from Facebook, tricking you into giving up your login information, which could lead to them having full access to your profile.
Here’s how to avoid falling prey to their tricks.
Emails from “Facebook”
If you ever get an email claiming to be from Facebook, you can confirm whether it’s actually from the social media network by checking that it came from fb.com, facebook.com or facebookmail.com. You can also look at your Facebook settings, which keep a running list of all the recent emails they’ve sent you. Go to your settings and click on the “Security and Login” tab. Scroll down to where it says “Advanced” and you should see an area labelled “See recent emails from Facebook.” If you hit the “view” button next to it, you’ll get a list of all emails Facebook has sent you (such as a request to change your password) in the last few weeks in the first tab marked “Security”, and emails about mentions, likes, etc. in the “Other” tab.
Never click a link in an email that claims to be from Facebook if you can’t confirm they sent it.
If you see an email saying you’ve changed your password or made a change to your account that you don’t remember doing, you can click the “I Didn’t Do This” or “Secure Your Account” links so Facebook can help you review recent activity.
You may receive official-looking messages in Messenger or in your business page’s inbox. These often include urgent language, such as “You’re Facebook account will be deactivated unless you take immediate action!” Often, the message will seem to come from “Facebook” but if you look closely you’ll notice the name may include special characters, certain letters in a different font than the others, or zeros instead of Os. The logo may also be flipped or otherwise off. Facebook will not send you these sorts of notices over Messenger so it is best to ignore them and not click.
Scammers often send legitimate-looking texts from fake or hacked accounts with a message urging you to click on the link. When you do, you’ll then be prompted to log into your Facebook account to view the content, with a login screen that looks remarkably similar to Facebook’s. Before you do, be sure to look at the address bar. Is it coming from a website other than facebook.com? If so, do not log in as you are most likely the target of a phishing scam.
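The three checks described above (sender domain, look-alike sender name, address-bar host) can be automated, for example in a mail filter. The following Python sketch is an added example, not Facebook's own code; the function names and the digit-swap table are assumptions made for illustration, as is the choice to accept subdomains of the listed domains.

```python
import unicodedata
from email.utils import parseaddr
from urllib.parse import urlsplit

# Sender domains the article lists as genuine.
FACEBOOK_MAIL_DOMAINS = {"fb.com", "facebook.com", "facebookmail.com"}
# Constructed, non-exhaustive table of digit-for-letter swaps ("zeros instead of Os").
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def domain_matches(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one (assumption)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def sender_is_facebook(from_header):
    """Compare the address part of a From header with the listed domains."""
    _, addr = parseaddr(from_header)
    return "@" in addr and domain_matches(addr.rsplit("@", 1)[1], FACEBOOK_MAIL_DOMAINS)


def name_imitates_facebook(display_name):
    """True if the name reads as 'Facebook' only after undoing look-alike tricks."""
    # NFKC folds styled "font" letters to plain ones; it does not catch
    # look-alike letters borrowed from other alphabets.
    folded = unicodedata.normalize("NFKC", display_name).casefold()
    folded = "".join(ch for ch in folded.translate(DIGIT_SWAPS) if ch.isalnum())
    return "facebook" in folded and "facebook" not in display_name.casefold()


def login_link_is_facebook(url):
    """True only for https links whose host is facebook.com or a subdomain of it."""
    parts = urlsplit(url)
    return parts.scheme == "https" and domain_matches(parts.hostname or "", {"facebook.com"})


if __name__ == "__main__":
    # Constructed sample inputs, not taken from real messages.
    print(sender_is_facebook("Facebook <security@facebookmail.com>"))
    print(sender_is_facebook("Facebook <notice@facebookmail.com.account-check.example>"))
    print(name_imitates_facebook("Faceb00k Security"))
    print(login_link_is_facebook("https://www.facebook.com@login-review.example/"))
```

A sender address that passes this check is not proof of origin, because the From header can be forged; the “See recent emails from Facebook” list in your settings remains the confirmation.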
If you accidentally click a suspicious link, Facebook can help you secure your account at https://www.facebook.com/hacked.
To further shore up your security, sign up for alerts about unrecognized logins by going to your settings, clicking on the “Security and Login” tab, scrolling to the area marked “Setting Up Extra Security” and clicking “edit” next to “Get alerts about unrecognized logins.” We also highly recommend you turn on two-factor authentication to increase your account’s security.