Have you ever received a Facebook Account Recovery Code that you did not initiate? Or maybe you received an email with an account recovery code, but deleted it under the assumption that it was a phishing attempt?
I woke up this morning to an unsolicited Facebook Account Recovery Code via email. I checked the links in the email and the sender information, and determined that the email was indeed from Facebook. I opened my Facebook app on my phone and also had an alert in my account that I had requested a recovery code. I clicked the link in my app to let Facebook know that it was not me requesting the recovery code.
If you are a Facebook user, you have undoubtedly seen friends and family post “I’ve been hacked! Don’t open anything from me!” You should take time to check your Facebook security settings to prevent this from happening to you. It is also important to learn what a true Facebook recovery email looks like, so you do not fall victim to a phishing scheme.
Let’s start by setting up the security features on your Facebook account.
Login to Facebook, and under your profile picture choose Settings and Privacy –> Privacy Checkup, or click the link below:
Now select “How to Keep Your Account Secure” and proceed through the password and recovery recommendations. This is where you will choose how you want to be notified if someone tries to login to your account. I recommend getting notified through the app AND through email addresses. The more recovery options you engage, the more likely you are to recover your account if your password is compromised.
•Never use the same password for Facebook that you use for other accounts elsewhere.
•Consider using a phrase (MyFavoriteKeyisEflatMajor!), or a secure password recommended by your browser.
If you have received an unsolicited Facebook Recovery email, chances are that the email address you are using for Facebook was involved in a data breach somewhere else. You can check this at https://haveibeenpwned.com/ – this website will show you which data breaches your email address has been part of, and which information is now available for hackers to use and manipulate.
How Do I Know If This Facebook Email is Real?
Look at the sender information. It should be from facebookmail.com or metamail.com
Hover over the links. Are they going to a facebook.com address, or somewhere else?
When in doubt, go directly to your account and see if there are alerts in your account. You can also check your recent sign-ins and report suspicious activity through your account profile –> Settings and Privacy –> Activity Log –> Logged Information –> Where You’re Logged In. If you see unfamiliar web sessions or devices, click the three dots to remove access to your account.