Users report receiving emails from a legitimate Facebook address with password recovery codes they did not ask for.
The first instinct after getting a suspicious-looking email with a password recovery code is to delete it – dismiss it as a scam and certainly not click on any links within. It surely must be fake since you did not request the change, right?
Not entirely: someone else might have done that for you, and simply ignoring the email may be a mistake. There is a fair chance that it was legitimate, and you may still be a target of a cyberattack, even if it is not the phishing scam you thought it was.
I have recently received two such emails shortly after each other and deleted the first one without giving it much thought.
I was impressed by how realistic and clean the email looked but judged it fake based solely on the address it was sent from, which I initially did not believe was a genuine Facebook address.
Another red flag was a link urging me to let Facebook know “if you didn’t request a new password.” Links in a suspicious email? No, thank you.
I decided to give it a closer look after receiving the second code recovery email, and I’m glad I did – my initial assessment was wrong. Both emails appeared to be legitimate and brought to my attention the need to review the security settings of my social media accounts.
How to tell if an email is genuine?
There are numerous Reddit threads dedicated to recovery code emails from Facebook, some months old, others posted just hours before this publication, suggesting that the issue is common.
Users online speculated whether these emails were real or not, with many such discussions ending in an affirmative. Some expressed their apprehension that a platform like Facebook would ask anyone to click on a link in an email in this day and age.
This is why we are not going to do that, as there are several other ways to tell whether Facebook contacted you. First, check the address from which the email was sent. Mine was from [email protected], which I found suspicious on a first look.
A quick search online showed that Facebook does send email notifications from facebookmail.com, as well as metamail.com. And you should let them know if you didn’t request a recovery code.
To see if the link within the email is genuine, hover over it without clicking and inspect the URL. A genuine link contains both the login code sent in the email and your Facebook ID number, the next string of digits in the URL, which ties the link to your account.
The URL should look like this: https://m.facebook.com/login/recover/cancel/?n=[login code sent within email]&id=[your Facebook ID]&i=m_basic
To check whether the Facebook ID number is yours, paste it into the address bar as https://m.facebook.com/[ID number]; if it is, the page will lead to your account profile.
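The checks above can be done by hand, but they are easy to get wrong when the sender has chosen a look-alike domain. The following is an added example, not code from the article or from Facebook, that applies the same rules in Python: the scheme must be https, the host must be exactly m.facebook.com (a host such as m.facebook.com.something.example must fail), the path must be /login/recover/cancel/, the n= value must equal the code printed in the email body, and id= must be numeric and, if you know it, your own ID. The sample URLs, the code 123456 and the ID 100000000000001 are constructed for the example.

```python
from urllib.parse import urlsplit, parse_qs

# Expected shape of the "didn't request this?" link, as described in the article:
# https://m.facebook.com/login/recover/cancel/?n=<code>&id=<facebook id>&i=m_basic
EXPECTED_HOST = "m.facebook.com"
EXPECTED_PATH = "/login/recover/cancel/"

# Constructed sample inputs (not real codes or IDs).
SAMPLE_CODE = "123456"
SAMPLE_FB_ID = "100000000000001"
SAMPLE_GOOD_URL = (
    "https://m.facebook.com/login/recover/cancel/"
    f"?n={SAMPLE_CODE}&id={SAMPLE_FB_ID}&i=m_basic"
)
# A look-alike host: "m.facebook.com" appears, but the registered domain is different.
SAMPLE_LOOKALIKE_URL = (
    "https://m.facebook.com.login-help.example/login/recover/cancel/"
    f"?n={SAMPLE_CODE}&id={SAMPLE_FB_ID}&i=m_basic"
)


def check_recovery_link(url, code_in_email, expected_fb_id=None):
    """Return a list of problems found. An empty list means the link matches the
    pattern the article describes. Code and ID are compared as strings."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("scheme is not https")
    # Compare the parsed host field only: substring matching on the whole URL
    # would accept look-alike domains and 'facebook.com' buried in the path.
    if parts.hostname != EXPECTED_HOST:
        problems.append(f"host is {parts.hostname!r}, expected {EXPECTED_HOST!r}")
    if parts.path != EXPECTED_PATH:
        problems.append(f"path is {parts.path!r}, expected {EXPECTED_PATH!r}")
    query = parse_qs(parts.query)
    n = query.get("n", [None])[0]
    fb_id = query.get("id", [None])[0]
    if n is None:
        problems.append("missing n= (login code) parameter")
    elif n != code_in_email:
        problems.append("n= parameter does not match the code in the email body")
    if fb_id is None:
        problems.append("missing id= (Facebook ID) parameter")
    elif not fb_id.isdigit():
        problems.append("id= is not numeric")
    elif expected_fb_id is not None and fb_id != expected_fb_id:
        problems.append("id= does not match your own Facebook ID")
    return problems


def profile_url(fb_id):
    """Build the profile URL the article suggests for confirming the ID is yours."""
    if not fb_id.isdigit():
        raise ValueError("Facebook ID should be numeric")
    return f"https://m.facebook.com/{fb_id}"


if __name__ == "__main__":
    print("good link:", check_recovery_link(SAMPLE_GOOD_URL, SAMPLE_CODE, SAMPLE_FB_ID))
    print("look-alike:", check_recovery_link(SAMPLE_LOOKALIKE_URL, SAMPLE_CODE))
    print("wrong code:", check_recovery_link(SAMPLE_GOOD_URL, "999999"))
    print("profile URL:", profile_url(SAMPLE_FB_ID))
```

The function deliberately reports every mismatch rather than stopping at the first, so a reader can see whether a link fails on the host (the strongest signal of a forgery) or merely on a stale or mismatched code.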
Conveniently, you can also check in your Facebook settings whether the platform sent you any emails. There are two folders marked “Security” and “Other Emails.” I found the email notifications the platform sent me in the latter. Just bear in mind that emails under the “Security” tab are kept for two weeks, and those under the “Other Emails” tab for just two days.
Someone on Reddit also noted that the email sent by Facebook used the correct form of their name in non-Latin encoding not available anywhere else online – another way that could point at the email’s legitimacy if that is your case as well.
Why did you receive the email?
Facebook will only send you a password recovery code if you ask for one. If you did not, then someone else must have. There are several explanations for why specific accounts are affected. Someone might have genuinely tried to log in to your account by accident. They might also be pursuing a personal vendetta against you.
Most likely the reason is much less personal and could mean that your email address has appeared in a data leak – mine has – and someone is just trying their blind luck in an attempt to take over your account and exploit it for various malicious purposes, including extortion, spreading malware, or scamming people in your friends list.
Cybernews has previously reported on a similar issue affecting users of another Meta-owned social media platform, Instagram. In both cases, it appears that at least some users are targets of something known as a brute-force attack.
A brute-force attack is a type of cyberattack that involves trying different variations of symbols or words until a correct password is guessed. Using specialized software or bots, cybercriminals can automatically try millions or even billions of passwords per second, spamming systems with password reset attempts for random email addresses.
Such attacks may not be the most efficient – until they are. You can check if your email or phone number has previously appeared in a data leak here.
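From the platform's side, the pattern the article describes, automated password reset requests sprayed across many random email addresses, leaves a recognisable trace in the reset-request log. The following is an added example, not code from the article or from Facebook, showing how a defender might flag it: one function reports source addresses that request resets for many distinct accounts within a short window (the spraying described above), and a second reports accounts that are hit by repeated reset requests, which is what the article's author experienced as two unsolicited codes in a row. The log format and every line in it are constructed for the example; the thresholds are illustrative.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format, not Facebook's):
# "<ISO timestamp> <source ip> reset_request <target email>"
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 reset_request user1@example.org
2024-05-01T10:00:02 203.0.113.7 reset_request user2@example.org
2024-05-01T10:00:03 203.0.113.7 reset_request user3@example.org
2024-05-01T10:00:04 203.0.113.7 reset_request user4@example.org
2024-05-01T10:00:05 203.0.113.7 reset_request user5@example.org
2024-05-01T10:00:06 203.0.113.7 reset_request user6@example.org
2024-05-01T10:00:30 198.51.100.20 reset_request carol@example.org
2024-05-01T10:10:30 198.51.100.20 reset_request carol@example.org
2024-05-01T10:02:00 192.0.2.44 reset_request dave@example.org
2024-05-01T10:02:01 192.0.2.44 reset_request dave@example.org
2024-05-01T10:02:02 192.0.2.44 reset_request dave@example.org
2024-05-01T10:02:03 192.0.2.44 reset_request dave@example.org
2024-05-01T10:02:04 192.0.2.44 reset_request dave@example.org
2024-05-01T10:02:05 192.0.2.44 reset_request dave@example.org
"""


def parse_reset_events(log_text):
    """Yield (timestamp, source_ip, target_email) for each reset_request line."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, event, target = line.split()
        if event == "reset_request":
            yield datetime.fromisoformat(ts), ip, target


def _max_in_window(stamps_and_keys, window, count_distinct):
    """Sliding window over (timestamp, key) pairs: the largest number of events
    (or of distinct keys) whose timestamps fall within `window` of each other."""
    items = sorted(stamps_and_keys)
    best = start = 0
    for end in range(len(items)):
        while items[end][0] - items[start][0] > window:
            start += 1
        chunk = items[start:end + 1]
        size = len({k for _, k in chunk}) if count_distinct else len(chunk)
        best = max(best, size)
    return best


def find_reset_floods(log_text, window=timedelta(seconds=60), threshold=5):
    """Sources that requested resets for >= threshold *distinct* accounts inside
    one window. A legitimate user retrying their own reset never trips this."""
    by_source = defaultdict(list)
    for ts, ip, target in parse_reset_events(log_text):
        by_source[ip].append((ts, target))
    flagged = {}
    for ip, items in by_source.items():
        peak = _max_in_window(items, window, count_distinct=True)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def targets_hit_repeatedly(log_text, window=timedelta(minutes=15), threshold=3):
    """Accounts that received >= threshold reset requests inside one window,
    from any number of sources: the account owner's view of the same activity."""
    by_target = defaultdict(list)
    for ts, ip, target in parse_reset_events(log_text):
        by_target[target].append((ts, ip))
    flagged = {}
    for target, items in by_target.items():
        peak = _max_in_window(items, window, count_distinct=False)
        if peak >= threshold:
            flagged[target] = peak
    return flagged


if __name__ == "__main__":
    print("spraying sources:", find_reset_floods(SAMPLE_LOG))
    print("hammered accounts:", targets_hit_repeatedly(SAMPLE_LOG))
```

In the sample, 203.0.113.7 touches six different accounts in six seconds and is flagged as a spraying source, while 192.0.2.44 sends six requests but all for one account, so it shows up only in the per-account view; 198.51.100.20, two requests ten minutes apart for the same user, trips neither rule. Counting distinct targets rather than raw requests is what separates the two cases.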
What should you do next?
It is notoriously hard to regain access to a Facebook account once you lose it, so it is important to take every precaution if you suspect your account is being targeted.
The first thing to consider is manually changing the password to your Facebook account and, as tedious as it sounds, not using it for any other purpose.
The more complicated the password, the better, and it should be changed frequently. Password generators could be an option for those who find the thought of multiple passwords across multiple accounts daunting.
Making sure that only devices you trust are used to log in to your accounts and enabling two-factor authentication will add another layer of security.
Facebook allows users to choose either a security key, text message (SMS) codes, or a third-party authentication app such as Google Authenticator or LastPass as the primary security method. The remaining ones can also be added as backups, so that even if someone cracks your password, your account remains protected.