Beware of Fake Facebook Password Reset Emails

Have you recently received an email that appears to be from Facebook, asking you to reset your account password? Don’t click on any links within - it’s likely a scam designed to steal your Facebook login credentials.

In this scam, victims receive an authentic-looking email claiming to be from “Facebook Security” or another official-sounding department. The email states that someone (usually “an unrecognized device”) has requested to reset your Facebook password. It will then prompt you to click on a link to reset your password yourself and secure your account.

Why you’re getting Facebook password reset emails?

You’re receiving these emails because scammers have obtained your email address and are targeting you specifically for this Facebook password phishing scam. They’re able to spoof the “From” address so it looks like it’s from a legitimate Facebook email address.

The scammers are sending out millions of these emails in hopes of fooling people into clicking the links and handing over their private login credentials. Even if just a small percentage of recipients fall for it, the payoff for cybercriminals is huge.

Does Facebook send emails to reset your password?

No, Facebook does not send emails proactively to users about resetting their passwords. If you request a password reset yourself through Facebook’s official process, only then will Facebook send you an email. And that email will come from either [email protected] or [email protected] - not another name.

Here are some tips to identify this Facebook password reset scam:

• Check the email address: As mentioned above, legitimate Facebook password reset emails only come from [email protected] or [email protected]. If the email is from any other address, it’s a scam.

• Hover over links: Without clicking, hover your mouse over any links in the email. The link text may say something like “Facebook Password Reset,” but the actual URL may point to a sketchy third-party website.

• Log in normally: Instead of clicking any links, open Facebook directly in your browser and try logging in as normal. If you don’t encounter any password errors, your account is likely fine.

• Use two-factor authentication: Activating two-factor authentication adds an extra layer of security, requiring you to enter a code from your phone when logging in from a new device. This can prevent unauthorized logins.

• Check for spelling/grammar errors: Legitimate emails from Facebook will not contain typos, grammar mistakes or awkward phrasing. If anything looks off, it’s a red flag.

• Don’t reply: Do not reply to the email or click “unsubscribe,” as that will just confirm to scammers that they have reached a real person - encouraging more scam attempts.

What should you do if you clicked the link or entered my password?

First, don’t panic. Here are the steps to take if you suspect your Facebook account has been compromised:

• Change your password immediately: Log in to Facebook and go to Settings > Security and Login to change your password. Make it long and strong.

• Enable two-factor authentication: Add this extra layer of security if you haven’t already. Requiring a login code from your phone prevents scammers from accessing your account even if they have your password.

• Check connected apps/sites: In Settings, examine the list of apps and websites connected to your Facebook account. Remove any unfamiliar or suspicious ones.

• Review recent posts and messages: Scan your recent Facebook activity for anything unusual, like strange messages sent from your account. Delete anything suspicious.

• Check login locations: Facebook shows you the cities/countries your account has been logged in from recently under Security and Login. If you see unfamiliar places, secure your account.

• Run antivirus software: Download and run reputable antivirus software to check your computer for malware or spyware that may have been installed if you clicked the link.

• Enable login alerts: Facebook has a feature that can alert you via email or text whenever your account is accessed from a new location. Turn it on for peace of mind.

• Report the email: Forward the scam email to [email protected] so Facebook can investigate and work to shut down these scammers.

How to Secure Your Facebook Account

Facebook phishing scams are increasingly common, whether through fake password reset emails, posts, messages or friend requests. Here are some tips to better protect your Facebook account:

• Use a strong, unique password - Your Facebook password should be lengthy, complex, and not reused on any other sites.

• Enable two-factor authentication - Activate Facebook’s two-step verification, which requires entering a code from your phone when logging in from a new device. This adds an extra layer of security.

• Be wary of third-party apps - Don’t authorize any unfamiliar applications to access your Facebook profile or data. Only connect apps you know and trust.

• Check your privacy settings - Adjust your privacy settings so your posts, photos and information aren’t visible to the general public. Limit visibility to friends only.

• Watch out for “account verification” - Facebook will never message you out of the blue to verify or confirm your account. Ignore any such requests.

• Report phishing messages - If you receive any suspicious messages, emails or friend requests, report them directly to Facebook so they can address scammers.

• Stay vigilant - Carefully scrutinize all activity on your Facebook account. Look for any unusual posts, messages, friend requests or other behavior. Verify legitimacy before clicking links or sharing info.

Stay vigilant against these types of Facebook password reset scams, which tend to rise during the holiday season. As long as you know the signs - like a suspicious sending address - you can keep your account protected. Don’t hesitate to contact Facebook support if you have any additional questions or concerns.

Make sure to check out our other scam guides.