1. Never click suspicious links: It is possible that your friends could unwillingly send spam, viruses, or malware through Facebook if their accounts are infected. Do not click this material and do not run any ".exe" files on your computer without knowing what they are. Also, be sure to use the most current version of your browser as they contain important security warnings and protection features. Current versions of Firefox and Internet Explorer warn you if you have navigated to a suspected phishing site, and we recommend that you upgrade your browser to the most current version. You can also find more information about phishing and how to avoid it at http://www.antiphishing.org/consumer_recs.html and http://onguardonline.gov/phishing.html.
   
   Phishing is an online attempt to trick a user by pretending to be an official login page or an official email from an organization that you would have an account with, such as a bank or an email provider, in order to obtain a user’s login and account information. In the case of a phishing login page, the login page may look identical to the login page you would normally go to, but the website does not belong to the organization you have an account with (the URL web address of the website should reflect this). In the case of a phishing email, the email may look like an email you would get from the organization you have an account with and get emails from, but the link in the email that it directs you to takes you to the above phishing login page, rather than a legitimate login page for that organization.
   
   To prevent your account information from being obtained in a phishing scheme, only log in to legitimate pages of the websites you have an account with. For example, "www.facebook.example.com" is not a legitimate Facebook page on the "www.facebook.com" domain, but "www.facebook.com/example" is a legitimate Facebook page because it has the "facebook.com" domain. When in doubt, you can always just type in "facebook.com" into your browser to return to the legitimate Facebook site.


2. Have a unique, strong password: From the Account Settings page, be sure to use a different password than you use for other sites or services, made up of a complex string of numbers, letters, and punctuation marks that is at least six characters in length. Do not use words found in the dictionary.


3. Run anti-virus software: If your computer has been infected with a virus or with malware, you will need to run anti-virus software to remove harmful programs and keep your information secure.
   • For Windows:
     http://www.microsoft.com/protect/viruses/xp/av.mspx http://www.microsoft.com/protect/computer/viruses/default.mspx
   • For Apple/Mac OS:
     http://support.apple.com/kb/HT1222

Some users’ preferences have changed to "On" automatically, despite having their preferences set to "Off." This problem may be caused by using the Facebook application on your smartphone (ie BlackBerry). If you are experiencing this issue, please report it here.

Facebook sends a notification to every email address associated with an account when someone has been able to register one of the addresses on the account. This happens when a person clicks on a link sent to the email address when creating a new account, or when adding the address to an existing account.

If you still own the email address in question, you can add it back to your account by going to the "Settings" tab on the Account page and following the same process. You may want to change the password for the email address, as someone else may have been able to access it in order to confirm the contact change.

If you no longer own the address, you will not be able to add it back to your account. If you still own the email address but are unable to access it, please contact your email provider for assistance with regaining access to the address.

Some users are getting fake email notifications that look like they are being sent from Facebook. These emails include false notifications for things like friend requests, messages, events, photos, and videos, as well as false accusations of Facebook site abuse. Do not click on any links contained within an email that you believe looks suspicious. Visit our Security Page for further information.

Please report this issue here.

This message is part of a false chain letter and did not come from Mark Zuckerberg or Facebook. This message can be safely disregarded and deleted. For more information on current scams, chain letters, and how to avoid them, please visit our Security Page's Threat section.

Facebook takes appropriate precautions to protect users' information. Your account information is located on a secured server behind a firewall. When you enter sensitive information (such as a credit card number or your password), we encrypt that information using secure socket layer technology (SSL). Facebook always posts to a secure page when users are logging in and employs industry standard encryption. This may not always be apparent from the web address (URL), but rest assured that our logins are secure.

Facebook is committed to protecting your information. We have industry standard and proprietary network monitoring tools constantly running in our system in order to prevent security breaches and protect the security of your data.

In addition, Facebook always posts to a secure page when users are logging in and employs industry standard encryption. This may not always be apparent from the URL (web address), but rest assured our logins are secure.

Find more questions and answers here.