Protect yourself from phishing on Facebook

We have seen evidence of malicious actors sending Business Manager partner requests that include phishing links. As we investigate this issue, we encourage you to exercise caution as these notifications come from a legitimate Meta domain (facebookmail.com). If you don’t know the person or business mentioned in the partner request, do not click on any links.
You can take steps to protect yourself from phishing scams on Facebook.
Find what to do if you think you've been phished.

About phishing

Phishing is when someone tries to trick you into giving up your personal information, like passwords or credit card numbers, often by sending you online communications (such as email or messages) that are designed to look legitimate. Phishing attacks can come in many different forms, but a common example is when someone sends you deceptive links. These links may appear harmless, but if you click on them, they can lead you to dangerous or fraudulent websites that look legitimate, where your personal information or login credentials can be stolen.
Scammers and bad actors online may use phishing techniques to try to steal your login information or to infect your device with malware. Additionally, when bad actors take control over an account or device, they will sometimes use that account to send spam or inappropriate content to other people you may know, including friends or family.
Phishing attacks are particularly harmful because they don’t remain isolated to one online service or app. Clicking on one fraudulent link can lead to bad actors taking over multiple accounts (like your email account, Facebook account, WhatsApp account, etc.) or devices, which can then be used to phish your family or friends. Phishing does not only take place on Facebook; it’s an issue you need to be aware of across all online platforms and apps you may use.

Example of phishing

You read a post on Facebook from someone you think you know, informing you that a famous person has died. When you click the link in their post, you are taken to a fake Facebook login page where you unknowingly give your account credentials to scammers. These scammers then take over your account and hold it hostage, demanding money or spamming your Facebook contacts with inappropriate content.

Signs that your account may have been phished

  • You can’t access your Facebook account.
  • Your friends or family tell you that they are receiving inappropriate messages, videos, or images from your account.
  • You are now following people or pages you don’t want to follow.
  • Other accounts of yours, such as those from financial institutions or email services, are compromised.

Tips to avoid phishing attacks on your Facebook account

  • Don’t click on links or open attachments from unknown sources. Avoid clicking on links within any unsolicited messages, whether it's email, Messenger, or text, even if they appear to be from Facebook. Always be cautious and avoid opening attachments from unfamiliar businesses or individuals. Remember, even your friends or family may unknowingly send you malicious attachments, especially if their account has already been compromised.
  • Be on the lookout for signs of phishing, such as misspelled words, bad grammar, or design mistakes in messages. These errors could signal that something is suspicious. Pay close attention to messages that contain:
    • Threats or urgent demands, like "Do this now or we'll close your account."
    • Requests for money or promises of gifts.
    • Asks for passwords, account details, or other personal information.
    • Language that urges you to click on a link.
    • Messages from someone you don’t personally know.
    • Emails from unfamiliar senders.
  • Take a close look at the email address or phone number sending you the message. When you get a request or notification regarding your account, it's important to make sure it’s coming from a legitimate source. Scammers frequently use deceptive email addresses that closely resemble official support accounts, but they are not legitimate.
    Emails about your Facebook (or other Meta products) account will always come from:
    • fb.com
    • facebook.com
    • facebookmail.com
    • instagram.com
    • meta.com
    • metamail.com
    • support.facebook.com
  • Be careful what you share with others (online or in person). We recommend that you never provide your Facebook username or password to any unfamiliar source. We will never ask you for your username or password in an email message, or send you a password to verify in an attachment. Avoid responding to messages requesting personal details like social security or banking information, even if they claim to be from Facebook.
  • Be aware that fraudulent links and requests can come through various digital channels. This includes email messages, Instagram direct messages or Messenger chats. Meta representatives will never request money or ask for passwords, payment details or other sensitive information over chat or email.
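
An added example, not Meta's code: a Python check that applies the sender-domain list above and, because the partner-request phishing noted at the top of this page arrives from a legitimate Meta domain, also reports link hosts that fall outside the list. The sample messages, the function names, the exact-match rule for senders and the reliance on a trusted `Authentication-Results` header are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Sender domains listed on this page (matched exactly: an assumption of this example).
META_DOMAINS = {"fb.com", "facebook.com", "facebookmail.com", "instagram.com",
                "meta.com", "metamail.com", "support.facebook.com"}

def on_list(host):
    """True for a listed domain or a subdomain of one (used for link hosts)."""
    return any(host == d or host.endswith("." + d) for d in META_DOMAINS)

def offsite_links(msg):
    """Hosts of http(s) links in a single-part text body that are not on the list."""
    urls = re.findall(r"https?://[^\s\"'<>]+", msg.get_payload())
    hosts = {(urlsplit(u).hostname or "").lower() for u in urls}
    return sorted(h for h in hosts if h and not on_list(h))

def classify(raw):
    """Return (verdict, off-list link hosts) for one raw message."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in META_DOMAINS:
        # A listed name embedded in a longer domain is a lookalike, not a match.
        lookalike = any(d in domain for d in META_DOMAINS)
        return ("lookalike" if lookalike else "not-listed"), []
    # The From header alone can be forged. Assumes the receiving mail server
    # wrote Authentication-Results and removed any copies supplied by the sender.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    verdict = "listed-sender" if "dmarc=pass" in results else "unauthenticated"
    # A listed sender is not enough: links in the message are checked separately.
    return verdict, offsite_links(msg)

# Constructed sample messages (not real mail).
SAMPLE_PARTNER = (
    'From: "Meta Business" <notification@facebookmail.com>\n'
    "Authentication-Results: mx.example.net; dmarc=pass header.from=facebookmail.com\n"
    "Subject: Partner request\n\n"
    "Example Co sent a partner request: https://partner-review.example/login\n"
    "Manage requests at https://www.facebook.com/business\n")
SAMPLE_LOOKALIKE = (
    "From: Security <security@facebookmail.com.account-check.example>\n"
    "Subject: Action required\n\n"
    "Confirm your account.\n")

if __name__ == "__main__":
    print(classify(SAMPLE_PARTNER))
    print(classify(SAMPLE_LOOKALIKE))
```
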

Learn more about how to protect your Facebook account
