Identified Scam:

Is That Email Really From Facebook? 5 Foolproof Ways to Spot a Scam

If you ever need to check your Facebook account, always log in directly from the app or by typing in the URL. Don't trust every link you receive in your email.


Verified.org
Updated 7 July 2022
WyzGuys Cybersecurity

Key Finding

Scammers send fake Facebook emails with links to a fake Facebook login page. 


Key Risk

When you try to sign in on the fake Facebook login page, the scammer steals your username and password and can log into your account to commit further fraud.

Sections on this page
  1. What Are Facebook Phishing Emails?
  2. Red Flags of Facebook Email Scams
  3. How to Protect Yourself from Suspicious Emails
  4. Fallen for a Facebook Phishing Email?
  5. Frequently Asked Questions

If you receive an email that asks you to log into your Facebook account, be on the lookout for red flags, like:

  • Misspellings and grammatical issues
  • A sender address that isn't at one of Facebook's official domains (the real address, not just the display name)
  • A Facebook logo that doesn't look quite right
  • Suspicious links to non-Facebook websites

These are all signs of phishing attacks that can lead to your Facebook account being compromised and your identity being stolen.

What Are Facebook Phishing Emails?

The goal of a Facebook phishing email is to take over your Facebook account, either to target other Facebook users (i.e., your friends) in further scams or to get at the sensitive information the account holds.

Sometimes, it may start as an email that appears to come from someone you know or trust. Some scammers like to make it look like you're getting an email from a friendly or reliable source to get you to drop your guard.

Here's how the scam works.

You Get an Email from "Facebook"

You receive an email that looks like it comes from Facebook but doesn't. It may use the Facebook logo and look like the real deal. The email directs you to log into your Facebook account to:

  • Read an important message
  • Secure your account
  • Save your messages

In some cases, scammers will threaten you to get you to act quickly and without thinking. For example, they might threaten to delete all of your messages (citing your inactivity on the platform) unless you log in.

Example Email from Scammer

A user just logged into your Facebook account from a new device iphone 11 pro. We are sending you this email to verify it's really you. 

>> Report the user
>> Yes, me

Thanks, 

The Facebook Team

In the following example, the scammers use fear tactics to get you to call the scam phone number, but you can spot some red flags:

  • The sender's address: although the display name says "Facebook," the actual address is at @facebookhelpline.org, which isn't an official Facebook domain. The display name is free text that anyone can set; only the address after the "@" tells you anything.
  • A few typos (e.g., extra spaces, unneeded capitalizations, misspellings) that you wouldn't see in a legitimate Facebook email.

Example of a Facebook phishing email
1) @facebookhelpline.org is not a legitimate Facebook domain. 2) Typos are signs of scams.

In the following example, the Facebook phishing email looks legitimate. In this case, check that the sender's actual address (not just the display name) is at @facebookmail.com, and check that the link's hostname is facebook.com or a subdomain of it (such as www.facebook.com) before clicking. A longer hostname that merely contains the text "facebook.com" somewhere inside it is not Facebook.

Example of a fake Facebook phishing email
Some Facebook phishing emails can look very real, using the same fonts, colors and logos you'd expect from the real deal. (Source: Graham Cluley)

You Click a Link to "Go to Facebook" or "Log In"

After you click the link in the scam email, you land on a website that's not Facebook.com. However, it's designed to look like the real Facebook site, so you may not realize it's a fake. Here, you will be asked to enter your login credentials. (Sometimes, the scammer will provide a phone number for you to call.)

Check the Link Before You Click

It's important to carefully check the URL of any link you click on within an email. Hover over the link (or long-press it on a phone) to see where it really goes; the visible text of a link can say "facebook.com" while the underlying address points somewhere else entirely. Don't click on any links that don't take you to Facebook.com. These phishing attacks are designed to steal your information, not take you to Facebook.

Not all is lost immediately if you click on the link in the email. You'll likely be sent to a page like the below example, which looks almost exactly like the actual Facebook login page. When you get to this point, you must check the URL to make sure you're on the real Facebook website.

Example of a fake Facebook website.
This fake Facebook website looks real, but the address is Facebook.net (i.e., fake), not Facebook.com. (Source: Infosec)

After entering your login credentials, the scammer can then use them to log in to your Facebook account, make changes, steal information, or pretend to be you.

The first thing some attackers will do is change your password so you can't log in yourself. This buys them some time so they can try to take information, modify information in your account, or impersonate you.

The Scammer Steals Your Identity

With access to your Facebook account, the scammer can send messages to your connections containing phishing links or even viruses and malware. Since the messages are coming from you, your friends won't be cautious since they trust you and aren't suspicious of the messages sent from your account.

Once You Know Your FB Account is Compromised, Inform Your Friends

If you've lost access to your Facebook account, you should warn your FB friends not to trust any messages or posts from your account.

If you use the same password on Facebook as you do with other accounts, the hacker will also be able to access those. This can include your bank accounts, emails, and other social media profiles. This is why it's essential to use different passwords for each of your accounts—that way, if one account is compromised, your other accounts are still safe. A password manager can help you create strong and unique passwords and store them, so you don't have to remember them all.

Red Flags of Facebook Email Scams

When you receive an email from Facebook, look for tell-tale signs of a scam. Some of the most common red flags include:

  • An email whose actual sender address (not just the display name) isn't at @facebook.com or @facebookmail.com
  • Typos, grammatical errors, and spelling mistakes
  • Weird spacing within the copy and design
  • A request for your Facebook login credentials
  • A link to a non-Facebook page (e.g., not Facebook.com)
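As an added example (not code from the Verified.org article), the following Python script applies the first red flag above to a raw email, and adds a check the article doesn't mention: it separates the display name from the real sender address, checks that address against the @facebook.com and @facebookmail.com domains the article names, compares it with the Return-Path, and reads the receiving mail server's Authentication-Results header for the DKIM and DMARC outcomes. Both messages are constructed for the example; SAMPLE_PHISH mirrors the @facebookhelpline.org email shown earlier, and SAMPLE_LEGIT mirrors the headers a genuine notification would carry.

```python
"""Header triage for a suspected Facebook phishing email.

Added example; not code from the article. Both sample messages below are
constructed: SAMPLE_PHISH mirrors the "@facebookhelpline.org" example, and
SAMPLE_LEGIT mirrors the headers a genuine Facebook notification would carry.
"""
import email
import re
from email.utils import parseaddr

# Facebook's own sending domains, as named in the article.
FACEBOOK_SENDER_DOMAINS = {"facebook.com", "facebookmail.com"}

SAMPLE_PHISH = """\
From: "Facebook" <support@facebookhelpline.org>
Return-Path: <bounce@facebookhelpline.org>
To: victim@example.net
Subject: Your account will be deleted
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=facebookhelpline.org; dkim=none; dmarc=none
Content-Type: text/plain

A user just logged into your Facebook account from a new device.
Verify it is really you: http://facebook.com.secure-login-check.example/verify
"""

SAMPLE_LEGIT = """\
From: Facebook <security@facebookmail.com>
Return-Path: <security@facebookmail.com>
To: victim@example.net
Subject: New login to Facebook
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=facebookmail.com; dkim=pass header.d=facebookmail.com; dmarc=pass header.from=facebookmail.com
Content-Type: text/plain

Someone logged in to your account from a new device. Review it at https://www.facebook.com/settings
"""


def is_facebook_domain(domain):
    """True only for facebook.com / facebookmail.com or a subdomain of them.

    A suffix match, not a substring match: 'facebookmail.com.evil.example'
    must not pass.
    """
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in FACEBOOK_SENDER_DOMAINS)


def parse_auth_results(header):
    """Pull spf/dkim/dmarc=result pairs out of an Authentication-Results header."""
    return {m.group(1).lower(): m.group(2).lower()
            for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header or "")}


def triage(raw_message):
    """Return the list of red flags found; an empty list means these checks passed."""
    msg = email.message_from_string(raw_message)
    flags = []

    display_name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2]
    if not is_facebook_domain(from_domain):
        flags.append("From address is at %r, not a Facebook domain" % from_domain)
        if "facebook" in display_name.lower():
            # The display name is free text; the article's example puts "Facebook"
            # there while the address belongs to someone else.
            flags.append("display name says %r but the address does not match" % display_name)

    _, return_path = parseaddr(msg.get("Return-Path", ""))
    rp_domain = return_path.rpartition("@")[2]
    if rp_domain and rp_domain.lower() != from_domain.lower():
        flags.append("Return-Path domain %r differs from From domain" % rp_domain)

    # SPF alone is weak evidence: a scammer's own domain passes SPF for mail the
    # scammer sends. DKIM and DMARC results tied to the From domain are what count.
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    for method in ("dkim", "dmarc"):
        if auth.get(method) != "pass":
            flags.append("%s result is %r, not pass" % (method.upper(), auth.get(method, "missing")))
    return flags


if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, triage(raw) or ["no red flags from these checks"])
```

Note that the script deliberately ignores the spf=pass in the phishing sample: SPF only proves the message came from a server allowed to send for facebookhelpline.org, which the scammer controls. A passing result for an unrelated domain is not evidence that Facebook sent the mail.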

How to Protect Yourself from Suspicious Emails

There are a few different ways to beat and avoid phishing scams.

If you receive suspicious emails, you should:

  • Never click on Facebook links sent to you via email. Instead, log into your account directly via the Facebook app or by typing the URL into your browser.
  • Always check the URL to ensure you're on a legitimate Facebook page. The hostname in the address bar must be exactly facebook.com or end in ".facebook.com"; a longer name that merely contains "facebook.com" somewhere inside it, or a near miss such as facebook.net, is not Facebook. If it isn't, do not enter any information.
  • Don't trust Facebook emails that don't come from "[email protected]."
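To make the "check the URL" advice from the Check the Link Before You Click section and the second bullet above mechanical, here is an added Python example (not from the article). It applies a strict hostname test to a set of constructed sample links, including the facebook.net case shown earlier and several look-alike tricks, and contrasts it with the naive "does it contain facebook.com?" test that those tricks are designed to pass. Every link in SAMPLE_LINKS is made up for the example.

```python
"""Check where a link in an email really goes before clicking it.

Added example; not code from the article. The sample links are constructed
to show the tricks that a "does it contain facebook.com?" test misses.
"""
from urllib.parse import urlsplit

LEGIT_DOMAIN = "facebook.com"


def naive_check(url):
    """The weak test: the string 'facebook.com' appears somewhere in the URL."""
    return "facebook.com" in url.lower()


def link_verdict(url):
    """Return (ok, reason). ok is True only for an https link whose hostname is
    facebook.com or a subdomain of it (m.facebook.com, www.facebook.com, ...)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname strips user@, :port, brackets
    if parts.scheme.lower() != "https":
        return False, "scheme is %r, not https" % parts.scheme
    if "@" in parts.netloc:
        # "https://www.facebook.com@evil.example/": everything before '@' is
        # userinfo; the browser connects to evil.example.
        return False, "URL carries userinfo; the real host is %r" % host
    if not host:
        return False, "no hostname"
    try:
        unicode_host = host.encode("ascii").decode("idna")
    except UnicodeError:
        return False, "hostname %r cannot be decoded" % host
    if not unicode_host.isascii():
        # Punycode (xn--) labels can hide look-alike letters from other scripts.
        return False, "hostname %r contains non-ASCII look-alike characters" % unicode_host
    if host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN):
        return True, "host %r is facebook.com or a subdomain" % host
    return False, "host %r is not facebook.com" % host


# Constructed sample links.
HOMOGLYPH_HOST = "faceb\u043eok.com".encode("idna").decode("ascii")  # Cyrillic о in "facebook"
SAMPLE_LINKS = [
    "https://www.facebook.com/login",                    # genuine
    "https://m.facebook.com/settings",                   # genuine subdomain
    "https://facebook.com.secure-login-check.example/",  # facebook.com as a label of another domain
    "https://www.facebook.com@evil.example/login",       # userinfo trick
    "http://www.facebook.net/login",                     # the article's facebook.net example, and no TLS
    "https://facebook-login.com/",                       # hyphenated look-alike
    "https://www." + HOMOGLYPH_HOST + "/",               # punycode-encoded homoglyph domain
]


def audit(urls=SAMPLE_LINKS):
    """Map each URL to (naive_check result, strict verdict, reason)."""
    return {u: (naive_check(u),) + link_verdict(u) for u in urls}


if __name__ == "__main__":
    for url, (naive, ok, reason) in audit().items():
        print("%-52s naive=%-5s strict=%-5s %s" % (url, naive, ok, reason))
```

Running it shows the point of the strict test: the subdomain-label and userinfo tricks both contain "facebook.com" and pass the naive check, yet the browser would connect to secure-login-check.example and evil.example respectively. Only the two genuine links survive link_verdict.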

Fallen for a Facebook Phishing Email?

If you've fallen for this scam, you should quickly lock the scammer out of your Facebook account and prevent further damage.

Change Your Facebook Password

If you think you've been phished, first log into your Facebook account and change your password. Switch it to something tough to guess, preferably something entirely unlike your previous one. Changing the password is the first step toward regaining control, but it doesn't by itself close sessions the attacker already has open or undo changes they made to the recovery email address or phone number on the account, so review those settings too, log out other devices (see below), and turn on two-factor authentication if you haven't already.

If you use the same password for any of your other accounts, change those immediately.

Check Your Account for Changes

You will want to check your Facebook account for any activity that you didn't make, such as:

  • Status updates
  • Profile information
  • Comments on posts, pictures, and other content
  • Sent messages

To view your Facebook activity log:

  • Click the small down arrow in the upper right of Facebook.
  • Choose Settings & Privacy, then Activity Log.
  • Filter your activity by date to see if there was any activity since you last logged in. Then delete any unwanted posts, likes, comments, connections, or profile information.

Also, if you use Facebook advertising, you should check your advertising account. The attacker may have launched a campaign that benefits a company other than yours.

You will also want to go into your app settings by clicking the icon with the three lines in the top corner of Facebook and log out of any devices you don't physically have in front of you.

If You Can't Log In, You Can Recover Your Account

Use Facebook's account recovery page and follow the instructions online: find the account you want to recover, and then reset your password.

Report the Scam

Report any emails that look strange or like a scam to [email protected]. This will help Facebook address future attacks and protect other users.

Additionally, you can report the scam to the authorities (e.g., the Federal Trade Commission and the FBI).

Frequently Asked Questions

What do Facebook phishing emails look like?

Facebook phishing emails can look just like the real deal, using the same fonts, logos, and colors as an actual Facebook email. However, phishing emails will have red flags, including a fake Facebook email address and website link.

What do I do if I receive a Facebook phishing email?

If you receive a fake Facebook email, you can report it to Facebook. Also, be sure not to click on any links. 

Will scammers get my login information if all I do is click the link in the email?

Generally, no. Scammers count on you entering your information on the fake Facebook login page to steal your username and password. However, in some cases, clicking the link in the phony email will install software on your computer that can steal your information. Even when it doesn't, clicking tells the scammer that your email address is live and that you open their messages, which makes you a target for more of them.
