Shrewd Facebook security scam spreading like crazy

According to Facebook, it has over 2 billion active monthly users worldwide. That’s super impressive when you realize it’s more than 25 percent of the entire population on Earth.

The staggering number of users is exactly why cybercriminals constantly target the site. Think about it: the more people frequent a site, the more potential victims there are. That is why you really need to watch out for the latest scam circulating on Facebook right now. It’s easy to fall for.

Watch out for this tricky Facebook scam

What we’re talking about is an elaborate phishing attack that is spreading like crazy on Facebook. Victims are receiving messages through Facebook from people on their “friends” list asking them for help recovering their account. The problem is, their friend’s account has already been compromised by a cybercriminal.

Here is how the attack works:

The victim receives a message through Facebook Messenger from a friend’s compromised account. The scammer asks for help in recovering their account, letting the victim know that they are listed as one of their “Trusted Contacts” on Facebook. They also say that you will receive a code, which they need to recover their locked Facebook account.

The fraudster then activates the “I forgot my password” feature on YOUR Facebook account and requests a recovery code from the social media giant. Since the victim has already received a heads-up on the code, they don’t think twice about sending it to their “friend.”

Once the fraudster has the code, they can use it to take over your account. They can continue the cycle by sending the scam to all of your friends from YOUR account.

How to avoid this Facebook scam

Now that you know this is happening, do NOT send your “friend” a code through Messenger. There truly is a feature on Facebook for “Trusted Contacts,” so you could receive a legitimate request for help. However, with scams like these constantly popping up, you should speak with your friend over the phone or in person before sending them a code.

Set up two-factor authentication 

Two-factor authentication, also known as two-step verification, means that to log in to your account, you need two ways to prove you are who you say you are. It’s like the DMV or bank asking for two forms of ID. This adds an extra layer of security and should be used whenever a site makes it available.

Use unique passwords

Many people use the same password for multiple websites. This is a terrible mistake. If your credentials are stolen on one site and you use the same username and/or password on others, it’s easy for the cybercriminal to get into each account.

Report the scam to Facebook

If you receive a message from a friend asking for a recovery code and find out their account has been compromised, report the message to Facebook.
