Phishing schemes designed to gain access to Facebook accounts have increased in frequency and sophistication. It's more important than ever to protect your personal information, and know what to do if your Facebook profile has been hacked.
Scammers impersonating Facebook are getting more and more sophisticated. They often craft messages that look and sound very much like legitimate Facebook notifications and urge you to take immediate action; the goal is to trick you into handing over your login information, which would give them full access to your profile.
Here’s how to avoid falling prey to their tricks.
Emails from “Facebook”
There has been an increase in email-based scams from senders purporting to be Facebook. These emails carry alarming warnings about supposed issues with your Facebook account (usually citing a security risk or an infringement report filed by a third party) and urge you to click on a link, claiming that otherwise your Facebook account might be disabled and your profile or page removed. If you ever get an email claiming to be from Facebook, you can check whether it actually came from the social media network by looking at the sender’s address: legitimate mail comes from “fb.com”, “facebook.com” or “facebookmail.com”, not from a non-branded, suspicious email address such as “[email protected]”. Look at the actual address, not the display name: many mail clients show only a name such as “Facebook” until you expand it, and scammers set that name freely. Watch for lookalikes too, where the real domain is hidden at the end (“facebook.com” followed by more text, or letters swapped for digits). If the sending address is not from one of these three domains, do NOT click on any links. Even when it is, treat the check as necessary rather than sufficient: sender addresses can be forged, so the safest course is always to open facebook.com directly rather than through an emailed link.
If you are still unsure whether the email originated from Facebook, you can also log into your Facebook account and look at your settings, which house a running list of all the recent emails Facebook has sent you. Go to your settings and click on the “Security and Login” tab. Scroll down to where it says “Advanced” and you should see an area labelled “See recent emails from Facebook.” If you hit the “view” button next to it, you’ll get a list of all emails Facebook has sent you in the last few weeks: security-related emails (such as a request to change your password) in the first tab, marked “Security”, and emails about mentions, likes, etc. in the “Other” tab. If the email you received is not in that list, Facebook did not send it.
Never click a link in an email that claims to be from Facebook if you can’t confirm they sent it.
If you see an email that you’ve confirmed is from “fb.com”, “facebook.com” or “facebookmail.com” and it says you’ve changed your password or made a change to your account that you don’t remember doing, you can click the “I Didn’t Do This” or “Secure Your Account” links so Facebook can help you review recent activity.
You may receive official-looking messages in Messenger or in your business page’s inbox. These often include urgent language, such as “You’re Facebook account will be deactivated unless you take immediate action!” Often, the message will seem to come from “Facebook” but if you look closely you’ll notice the name may include special characters, certain letters in a different font than the others, or zeros instead of Os. The logo may also be flipped, be an old version that Facebook no longer uses, or otherwise look off. Facebook will not send you these sorts of notices over Messenger so it is best to ignore them and not click.
Scammers often send legitimate-looking messages from fake or hacked accounts urging you to click on a link. When you do, you’ll be prompted to log into your Facebook account to view the content, on a login screen that looks remarkably similar to Facebook’s. Before you do, be sure to look at the address bar. Is the page hosted somewhere other than facebook.com (or a subdomain of it, such as m.facebook.com)? Be wary of lookalike hosts where “facebook.com” appears at the start of a longer name, since the part that matters is the end. If the page is not on facebook.com, do not log in, as you are most likely the target of a phishing scam.
Protect Your Account
In your personal profile settings, it is important to list your up-to-date email address and phone number, in case Facebook has to email you or text you a recovery link if you are ever locked out of your account.
To further shore up your security, sign up for alerts about unrecognized logins by going to your settings, clicking on the “Security and Login” tab, scrolling to the area marked “Setting Up Extra Security” and clicking “edit” next to “Get alerts about unrecognized logins.” We also highly recommend you use a password manager to generate and store secure, unique passwords for all of your accounts, so that a password stolen from one site cannot be reused against your Facebook account.
You can also select friends to act as your “Trusted Contacts” on your Facebook account. Should something happen to your profile, they will be able to help you recover your account if you ever get locked out. Under your Facebook settings, click on the “Security and Login” tab, and scroll down to the “Setting Up Extra Security” section. Choose 3 to 5 friends that you can contact if you have issues with your account. Your trusted contacts can send you a code and URL from Facebook to help you log back in.
Most importantly, we urge you to turn on two-factor authentication on both Facebook and Instagram to increase your account’s security. Under your Facebook settings, click on the “Security and Login” tab, and scroll down to the “Two-factor authentication” area to enable it. Once you set it up, you should also retrieve the recovery codes in this section by tapping “Recovery Codes”, then tapping “Show Codes.” This gives you 10 one-time codes that you can use should you ever lose access to your authentication app or phone. Write down these codes or save them someplace safe, and treat them like passwords: anyone who has one can get past your second factor.
What To Do If Your Facebook Account Has Been Hacked
If you clicked a suspicious link, or entered your password on a page you now suspect was fake, Facebook can help you secure your account at https://www.facebook.com/hacked or https://www.facebook.com/login/identify or https://www.facebook.com/help/1306725409382822. Change your password (and the password of any other account that used the same one), then review the “Where You’re Logged In” list in the “Security and Login” tab and log out of any session you don’t recognize. If you have set up Trusted Contacts, you can also follow these instructions to send them a recovery code that they can use to help you regain access to your account.