
Facebook: beware of phishing – The new scam to steal your profile

25 January 2024

Be careful of the new scam (phishing) circulating on Facebook: you risk losing your account forever!

In recent days, Facebook users have been the target of a sophisticated new phishing scam. Scammers, disguising their messages as official platform alerts, warn victims of alleged "suspicious activity" on their accounts, pushing them to act quickly and without caution. 

If you have also received messages of this type, wait before replying! Read on, it might save your FB profile.

What is Phishing?

Phishing is an online fraud technique in which scammers send messages that appear to come from trusted sources, such as banks, online services, or, in this case, Facebook itself. The goal is to trick victims into revealing sensitive information such as passwords, banking or personal details.

Once hackers get their hands on your personal data, there is a strong risk that you will have to say goodbye to your profile forever. In fact, they are very quick to enter your account with the stolen credentials and change your username and password, locking you out of your own profile.

Of course, there are solutions (which we will see later), but you must act as soon as the scam is discovered, and account recovery is not guaranteed. But let's see how this scam unfolds.

How the Facebook Scam Works

In the scam that has recently been affecting many users of the most used social network in the world, scammers send notifications or emails that appear authentic, warning the user of unusual or suspicious activity on their account and threatening to have their profile suspended. These messages usually contain a link inviting the user to “log in” to verify their account.

However, the link leads to a fake page, surprisingly similar to the official Facebook one, where login details are requested. Whatever password you enter on the fake page, it will be reported as incorrect and you will be sent back to the social network's homepage.

Before you know it, your login credentials have just been stolen.

Usually, profile theft leads to consequences that are annoying rather than serious. Having your account stolen will make you lose all the information, photos and friends you had. However, if you have payment methods linked to your account, you also risk losing a lot of money.

There are also variants in which, for example, you are notified that you have published content that does not comply with Facebook policies, or, in the case of business accounts, that you have published prohibited advertisements. Whatever the method, the result is the same.

Recognizing Warning Signs

The scam plays on the user's fear of losing their account. It is no coincidence that these false messages are designed to rush the victim who, thinking they have to act quickly, does not stop to think about a possible scam. So, if you receive a warning message, don't panic. There are ways to recognize possible phishing activity.  

  1. Suspicious URLs: The first way is to always check the URL of the page. If it does not correspond exactly to the official Facebook one (, it is likely that it is a scam;
  2. Spelling or grammatical errors: Phishing messages often contain obvious linguistic and grammatical errors. Messages written in broken Italian are often a warning sign;
  3. Unusual requests: An additional red flag is any request for your password: Facebook will never ask for it via email or message;
  4. Pay attention to where the message comes from: For their phishing activities, hackers often create a fake page that pretends to be Facebook support. To unmask them, simply click on their username and visit the page; you will easily realize that it is not the official Facebook support;
  5. Facebook doesn't tag you: Facebook's official communications come to you mainly from two channels: the notification and your email address. If someone impersonating Facebook tags you, it is probably a scam.
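What "corresponds exactly" means for a link, as an added example that is not part of the original article: the check compares the parsed hostname with an allowlist instead of searching the link for the word "facebook". The allowlist (only `facebook.com`), the function name and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains treated as official; extend as needed.
OFFICIAL_DOMAINS = {"facebook.com"}


def classify_link(url: str) -> str:
    """Return 'official', or a short reason why the link is suspicious."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "suspicious: unparseable URL"
    if parts.scheme != "https":
        return "suspicious: not https"
    if parts.username is not None or parts.password is not None:
        # In https://facebook.com@login.example/ the real host is login.example.
        return "suspicious: userinfo before host"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "suspicious: no host"
    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        # Non-ASCII or punycode labels can imitate Latin letters.
        return "suspicious: internationalized (possible lookalike) host"
    for domain in OFFICIAL_DOMAINS:
        # Exact match or a true subdomain; a plain substring test is not enough.
        if host == domain or host.endswith("." + domain):
            return "official"
    if any(domain.split(".")[0] in host for domain in OFFICIAL_DOMAINS):
        return "suspicious: brand name in an unrelated host"
    return "suspicious: host is not an official domain"


if __name__ == "__main__":
    # Constructed sample links (the .example domains are reserved for documentation).
    samples = [
        "https://www.facebook.com/login/",
        "https://facebook.com.account-verify.example/login",
        "https://facebook.com@login.example/",
        "https://faceb\u043eok.com/",  # Cyrillic 'o' in place of the Latin one
        "http://www.facebook.com/",
    ]
    for link in samples:
        print(f"{classify_link(link):55} {link}")
```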

A practical example

For greater clarity, let's take a practical example of a phishing attempt.  

Phishing - example 1

This message, which appears to all intents and purposes to be an official communication from Facebook, is actually a phishing attempt. This can be seen by the fact that the sender has tagged the potential victim's page, instead of sending a direct message. 

By clicking on the sender's name, you can also see that it is a recently created Facebook page and that it contains no information other than the phishing message you received.

Phishing - example 2

By clicking on the link they sent you, you end up on a page very similar to that of FB support, which notifies you that your profile has been blocked and invites you to fill out a form with your information. 

Phishing - example 3

Phishing - example 4

Once you fill out this form, the scam is complete: your data is stolen and you risk losing your profile forever.

Prevention and Actions to Take

To avoid becoming a victim of phishing, there are some precautions you can take: 

  • Checking sources: before clicking on a link, always verify the authenticity of the sender;
  • Use of antivirus software: A good antivirus can detect and block phishing attempts;
  • Two-factor authentication: Enabling two-factor authentication on Facebook offers an additional layer of security;
  • Change your password regularly: Changing your Facebook password frequently can prevent abuse in the event of a data leak;
  • Request Facebook support: If you receive a suspicious message and are unsure of its validity, contact Facebook support and ask for clarification.

What to Do if You Have Been a Victim of Phishing

If you suspect you have been a victim of phishing:

  • Change your password immediately: make sure you do it from a secure device that you have already used in the past;
  • Check your account security settings: Check for any suspicious changes;
  • Report the incident to Facebook: If you have tried to log in to Facebook without success, it means that the hackers responsible for phishing have already changed your login credentials. Report the incident to Facebook support immediately. Doing so in a timely manner both helps you to recover your account immediately and prevents other users from falling into the same trap;
  • Notify your contacts: Inform them that you may have been compromised and ask them to watch out for unusual messages coming from your account. Perpetrators often exploit your network of friends for other scams.


Staying safe online requires vigilance and information. Recognizing and preventing phishing on Facebook is essential to protecting your digital identity and personal data. It's important to stay up to date on the latest tactics used by scammers and share this information with friends and family. Remember: online safety starts with you!

Have you been a victim of phishing? Contact us for a consultation.