Identified Scam:

Is That Email Really From Facebook? 5 Foolproof Ways to Spot a Scam

If you ever need to check your Facebook account, always log in directly from the app or by typing in the URL. Don't trust every link you receive in your email.


Verified.org
Updated 6 July 2021

WyzGuys Cybersecurity


Key Finding

Scammers send fake Facebook emails with links to a fake Facebook login page. 


Key Risk

When you try to sign in on the fake Facebook login page, the scammer steals your username and password and can log into your account to commit further fraud.

Sections on this page
  1. What Are Facebook Phishing Emails?
  2. How to Beat and Avoid a Facebook Phishing Email Scam
  3. Examples of Facebook Phishing Emails
  4. Fallen for a Facebook Phishing Email Scam?
  5. Frequently Asked Questions

If you receive an email that asks you to log into your Facebook account, be on the lookout for red flags, like:

  • Misspellings and grammatical issues
  • A sender's address that doesn't match Facebook's official email address
  • A Facebook logo that doesn't look quite right
  • Links to non-Facebook websites

What Are Facebook Phishing Emails?

The goal of Facebook phishing emails is to get inside and control your Facebook account. In some cases, it may start as an email that appears to come from someone you know or trust. Some scammers like to make it look like you’re getting an email from a friendly or reliable source to get you to drop your guard.

Here's how the scam works.

You Get an Email Saying You Need to Log Into Facebook

You receive an email that looks like it comes from Facebook—it may use the Facebook logo and look like the real deal. The email directs you to log into your Facebook account to:

  • Read an important message
  • Secure your account
  • Save your messages

In some cases, scammers will use a fear tactic, for example, threatening to delete all of your messages (due to your inactivity on the platform) unless you log in.

Example Email from Scammer

A user just logged into your Facebook account from a new device iphone 11 pro. We are sending you this email to verify it's really you. 

>> Report the user
>> Yes, me

Thanks, 

The Facebook Team

You Click on a Link to “Go to Facebook” or “Log In”

After you click the link in the scam email, you land on a website other than Facebook. However, you may not realize it’s not the actual Facebook site. Here, you will be asked to enter your login credentials. (In some cases, the scammer will provide a phone number for you to call.)

It’s important to carefully check the URL of any link you click on within an email. If necessary, compare it to the actual Facebook URL to see if they match. The site the link takes you to is designed to steal your information, not to take you to Facebook.

After you put in your credentials, the scammer can then use them to log in to your Facebook account, make changes, steal information, or pretend to be you.

The first thing some attackers will do is change your password. This buys them some time so they can try to take information, modify information in your account, or impersonate you.

The Scammer Steals Your Identity

Once they have access to your Facebook account, the scammer can send messages to your connections containing additional phishing scams or even viruses and malware. Because the messages come from your account, your friends are likely to trust them and drop their guard.

If you use the same password on Facebook as you do for other accounts, the hacker will also be able to access those. This can include your bank accounts, emails, and other social media profiles.

How to Beat and Avoid a Facebook Phishing Email Scam

There are a few different ways of both beating and avoiding Facebook phishing. You can take the steps below to protect yourself.

To beat this scam, you should:

  • Never click on Facebook links sent to you via email. Instead, log into your account directly via the Facebook app or by typing in the URL into your browser.
  • Always check the URL to make sure you’re on a legitimate Facebook page. If the URL doesn’t include “facebook.com,” do not enter any information.
  • Don’t trust Facebook emails that don’t come from “[email protected].”

Red Flags of Facebook Phishing Email Scams

When you receive an email from Facebook, look for tell-tale signs of a scam. Some of the most common red flags include:

  • An email from a non-Facebook email (i.e., doesn’t come from an @facebook.com or @facebookmail.com address)
  • Typos, grammatical errors, and spelling mistakes
  • Weird spacing within the copy and design
  • A request for your Facebook login credentials
  • A link to a non-Facebook page (e.g., not Facebook.com)
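The two red flags above that a machine can check, the sender's domain and where each link actually points, can be scripted. The following is an added example, not code from Verified.org: it pulls the sender domain from a From: header and compares each link's host against facebook.com (exact match or subdomain, since a plain "contains facebook.com" test would also accept look-alike hosts). The sample emails are constructed, modelled on the article's @facebookhelpline.org and Facebook.net examples.

```python
import re
from urllib.parse import urlparse

# Sender domains the article names as Facebook's own.
OFFICIAL_SENDER_DOMAINS = {"facebook.com", "facebookmail.com"}
# Links in a genuine email should lead to facebook.com or one of its subdomains.
OFFICIAL_LINK_DOMAIN = "facebook.com"

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def sender_domain(from_header: str) -> str:
    """Return the domain part of a From: header such as 'Facebook <x@facebookmail.com>'."""
    match = re.search(r"<([^>]+)>", from_header)
    address = match.group(1) if match else from_header.strip()
    return address.rsplit("@", 1)[-1].lower()


def is_facebook_host(url: str) -> bool:
    """True only when the URL's host is facebook.com itself or a subdomain of it.

    A naive 'facebook.com in url' test would also accept a look-alike host such as
    facebook.com.example.net or a path like /facebook.com, so compare the host itself.
    """
    host = urlparse(url).hostname or ""
    return host == OFFICIAL_LINK_DOMAIN or host.endswith("." + OFFICIAL_LINK_DOMAIN)


def red_flags(from_header: str, body: str) -> list:
    """List the article's red flags that this email exhibits (empty list if none)."""
    flags = []
    domain = sender_domain(from_header)
    if domain not in OFFICIAL_SENDER_DOMAINS:
        flags.append(f"sender domain '{domain}' is not an official Facebook domain")
    for url in URL_RE.findall(body):
        if not is_facebook_host(url):
            flags.append(f"link goes to non-Facebook host '{urlparse(url).hostname}'")
    return flags


# Constructed samples modelled on the article's examples (not real messages).
SCAM_FROM = "Facebook Support <help@facebookhelpline.org>"
SCAM_BODY = ("Your messages will be deleted due to inactivity. "
             "Log in now: https://www.facebook.net/login/ to keep them.")
GENUINE_FROM = "Facebook <security@facebookmail.com>"
GENUINE_BODY = "A new login was detected. Review it at https://www.facebook.com/settings/security"

if __name__ == "__main__":
    for name, frm, body in (("scam", SCAM_FROM, SCAM_BODY), ("genuine", GENUINE_FROM, GENUINE_BODY)):
        print(name, red_flags(frm, body) or ["no red flags found"])
```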

Examples of Facebook Phishing Emails

There are various versions of Facebook phishing emails, from ones telling you someone else has logged into your account to those saying you've changed your password recently when you didn't. 

In the following example, the scammers use fear tactics to get you to call the scam phone number, but you can spot some red flags:

  • The sender's email address: although the display name says "Facebook," the address is at @facebookhelpline.org, which isn't an official Facebook domain.
  • There are a few typos (e.g., extra spaces, unnecessary capitalizations, misspellings) in the email that you wouldn't see in a legitimate Facebook email.

Example of a Facebook phishing email
1) @facebookhelpline.org is not a legitimate Facebook domain. 2) Typos are signs of scams.

In the following example, the Facebook phishing email looks legitimate. In this case, check the sender's email address to make sure it's from an @facebookmail.com email address and check the link goes to a facebook.com URL before clicking on it.

Example of a fake Facebook phishing email
Some Facebook phishing emails can look very real, using the same fonts, colors and logos you'd expect from the real deal. (Source: Graham Cluely)

If you do click on the link in the email, not all is lost immediately. You'll likely be sent to a page that looks like the below example, which looks almost exactly like the actual Facebook login page. When you get to this point, it's crucial that you check the URL to make sure you're on the actual Facebook website.

Example of a fake Facebook website.
This fake Facebook website looks real, but the address is Facebook.net (i.e., fake), not Facebook.com. (Source: Infosec)

Fallen for a Facebook Phishing Email Scam?

If you’ve fallen for this scam, you should quickly lock the scammer out of your Facebook account and prevent further damage.

Change Your Facebook Password

If you think you’ve been phished, the first thing you should do is log into your Facebook account and change your password. Switch it to something extremely hard to guess, preferably something completely unlike your previous one. If you’re able to change your password, you have regained control of your account.

If you use the same password for any of your other accounts, be sure to change those immediately also.

Check Your Account for Changes

You will want to check your Facebook account for any activity that wasn’t yours, such as:

  • Status updates
  • Profile information
  • Comments on posts, pictures, and other content
  • Sent messages

To view your Facebook activity log:

  • Click the small down arrow in the upper right of Facebook.
  • Choose Settings & Privacy, then Activity Log.
  • Filter your activity by date to see if there was any activity since you last logged in. Then delete any unwanted posts, likes, comments, connections, or profile information.

Also, if you use Facebook advertising, you should check your advertising account. The attacker may have launched a campaign that benefits a company other than yours.

You will also want to go into your app settings by clicking the icon with the three lines in the top corner of Facebook and log out of any devices you don’t physically have in front of you.

If You Can’t Log In, You Can Recover Your Account

To recover your account, follow the instructions online. Find the account you want to recover, and then reset your password.

Report the Scam

Report any emails that look strange or like a scam to [email protected]. This will help Facebook address future attacks and protect other users.

Additionally, you can report the scam to the authorities (e.g., the Federal Trade Commission and the FBI).

Frequently Asked Questions

What do Facebook phishing emails look like?

Facebook phishing emails can look just like the real deal, using the same fonts, logos, and colors as a real Facebook email. However, phishing emails will have red flags, including a fake Facebook email address and website link.

What do I do if I receive a Facebook phishing email?

If you receive a fake Facebook email, you can report it to Facebook. Also, be sure not to click on any links. 

Will scammers get my login information if all I do is click the link in the email?

Generally, no. Scammers count on you entering your information on the fake Facebook login page to steal your username and password. However, in some cases, clicking the link in the phony email will install software on your computer that can steal your information.
