Most of us have probably received an email at some point from Facebook saying, "someone is trying to log onto your account." The feeling of dread that comes upon you in that moment is gut-wrenching and hard to shake. It feels like a serious invasion of privacy, which is why we are typically so quick to act. HOWEVER... you must be alert when it comes to these emails. All too often, scammers use this as a way to hack into a victim's account or get information out of them. Before you click on the link in the email to "secure your account," check out some of the warning signs below.
Looks kind of legit, right? The red text in the photo above points out obvious ways to confirm whether or not the email can be trusted.
1) The email subject doesn't make sense and is grammatically incorrect. Sometimes, it will contain emojis. I can promise you one thing: Facebook will never send you an email with a subject that has emojis.
2) The email address is crazy-looking and unreadable. For anything security-related, the email will come from firstname.lastname@example.org. Any other email address is fraudulent.
3) Check the "sent to" email address! If it does not say your actual email address, it was probably sent out to many, many people. Hackers do this because they expect at least one person to fall victim.
4) Check the display name. In the above email, it shows that their display name is "Hi." This should be the biggest red flag in and of itself.
5) They didn't use my full name in the email. Instead, they used the first part of my email address. Facebook/Instagram/Twitter will always use your name and not the first part of your email address (the part before the @ sign).
6) There will never be two options to choose from when it comes to securing your account. There will always just be one option that prompts you to enter a code to change your password.
7 - bonus!) The hacker sent this to an email address that isn't even associated with my Facebook account. Big whoops on their part.
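The first five warning signs can also be checked mechanically against a raw message. The sketch below is an added example, not something from the original post; the sample email, the name "Jane Doe", the `brand` keyword and the emoji ranges are all assumptions made for illustration, and the trusted sender is simply the address given in point 2.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr

# Rough emoji ranges: an assumption that is good enough for a subject line.
EMOJI = re.compile("[\U0001F300-\U0001FAFF\u2600-\u27BF]")

def warning_signs(raw, my_address, my_name, trusted_sender, brand="facebook"):
    """Return the numbered warning signs (1-5) that a raw email trips."""
    msg = message_from_string(raw, policy=policy.default)
    display, sender = parseaddr(str(msg.get("From", "")))
    to_values = [str(v) for v in msg.get_all("To", [])]
    recipients = {addr.lower() for _, addr in getaddresses(to_values)}
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content().lower() if part else ""
    local_part = my_address.split("@")[0].lower()

    signs = []
    if EMOJI.search(str(msg.get("Subject", ""))):
        signs.append("1: emoji in the subject")
    if sender.lower() != trusted_sender.lower():
        signs.append("2: sender is not the expected security address")
    if my_address.lower() not in recipients:
        signs.append("3: not addressed to my email address")
    # Assumption: a genuine display name mentions the service; a matching
    # name proves nothing by itself, since anyone can set it.
    if brand not in display.lower():
        signs.append("4: display name does not name the service")
    if local_part in body and my_name.lower() not in body:
        signs.append("5: greets me by the first part of my email address")
    return signs

# Constructed sample message, modelled on the warning signs above.
SAMPLE = (
    "From: Hi <xk29qz@mail-secure.example>\n"
    "To: someone.else@example.net\n"
    "Subject: \U0001F512 Someone tried log in you account\n"
    "\n"
    "Hi jdoe42,\nSomeone tried to log in to your account.\n"
)

if __name__ == "__main__":
    for sign in warning_signs(SAMPLE, "jdoe42@example.com", "Jane Doe",
                              "firstname.lastname@example.org"):
        print(sign)
```

An empty result only means none of these five signs fired; signs 6 and 7 still need a human look at the message.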
Before you respond to one of these emails, always go to Facebook privacy settings to see where you're logged in. If you notice something there that seems suspicious, you will be able to log out of all devices/sessions and reset your password. See the below screenshot for reference:
If you notice a log-in from a suspicious location or a device you don't recognize, immediately log out of all sessions and reset your password. To get to this screen, follow the steps below:
1) Click the small "down" arrow in the upper right-hand corner
2) Click "Settings and Privacy"
3) Click "Settings"
4) Click "Security and Login" from the left-hand side menu
5) View all of your active sessions!
To ensure ultimate safety, it is best to set up two-factor authentication. This will send your phone/email a code every time someone tries to log on to your account. I have also installed an authentication app called "Duo" that further secures my account -- I encourage you all to download it as well!
There is a new scam going around where hackers take possession of your social media profiles and demand a ransom to give you back control of your account. These ransoms can reach over $1,000 in some cases. It's better to be safe than sorry -- always make sure your account is locked down.
Continually perform self-checks to make sure you're only logged into your personal devices, set up two-factor authentication, and be wary of suspicious emails from Facebook!