Online Threat Alerts (OTA) - Alerting you to scams and frauds.

Security Facebookmail Recovery Code Scam

The email address security@facebookmail.com is a legitimate domain used by Facebook to send security notifications, including password recovery codes. However, receiving a code you did not request is a common sign of a phishing scam or an unauthorized login attempt.

How the Scam Works

  • Credential Harvesting: Scammers send fake emails that look identical to Facebook’s to trick you into clicking a "reset password" link. This link leads to a spoofed login page designed to steal your username and password.
  • MFA Fatigue: By repeatedly triggering real recovery codes to your inbox, attackers hope you will eventually click a "This wasn't me" link out of frustration, which may lead to a malicious site.
  • Social Engineering: A "friend" (whose account has already been hacked) may message you claiming they need help and ask you to send them a code that just arrived on your phone. That code is in fact a reset code for your own account, not theirs.

Verify a Genuine Facebook Email

Do not trust the "From" address alone, as it can be spoofed. Instead, use Facebook’s internal tools to verify:

  1. Check Recent Emails in App: Go to Settings & Privacy > Accounts Center > Password and Security > Recent Emails.
    • Check both the Security and Other Emails tabs. If the email isn't listed there, it is a fake.
  2. Inspect Links: Hover your mouse over any link without clicking. A legitimate recovery cancel link should follow this format: https://www.facebook.com/login/recover...
  3. Confirm Identity: Facebook will never ask for your password via email or send it as an attachment.
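The link inspection in step 2, written out as an added Python example (not the article's own code and not a Facebook tool): it checks a hovered URL against the documented format, treating the exact host www.facebook.com over https and a path beginning with /login/recover as the expected shape, and runs the check over a constructed email body containing one link in that format and three that only imitate it.

```python
import re
from urllib.parse import urlsplit

# Expected format taken from the article's sample link (assumption: exact host
# www.facebook.com over https, path beginning with /login/recover).
EXPECTED_HOST = "www.facebook.com"
EXPECTED_PATH_PREFIX = "/login/recover"

# Constructed sample email body: one link in the documented format, three
# that imitate it (lookalike domain, userinfo trick, plain http).
SAMPLE_EMAIL_HTML = """
<p>We received a request to reset your password.</p>
<a href="https://www.facebook.com/login/recover?code=123456">This wasn't me</a>
<a href="https://www.facebook.com.account-check.example/login/recover">Cancel</a>
<a href="https://www.facebook.com@verify.example/login/recover">Secure account</a>
<a href="http://www.facebook.com/login/recover">Reset now</a>
"""


def is_genuine_recovery_link(url: str) -> bool:
    """True only if the link matches the documented recovery-cancel format."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is lowercased
        port = parts.port  # raises ValueError for a non-numeric port
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    # urlsplit treats anything before '@' as userinfo, so for
    # https://www.facebook.com@verify.example/... the real host is
    # verify.example and the comparison below fails.
    if parts.username is not None or parts.password is not None:
        return False
    # Exact match: subdomains of other domains and Unicode lookalikes
    # (different code points) do not compare equal to the expected host.
    if host != EXPECTED_HOST or port not in (None, 443):
        return False
    return parts.path.startswith(EXPECTED_PATH_PREFIX)


def classify_links(html: str) -> list[tuple[str, bool]]:
    """Extract href targets from an email body and check each one."""
    hrefs = re.findall(r'href="([^"]*)"', html)
    return [(href, is_genuine_recovery_link(href)) for href in hrefs]


if __name__ == "__main__":
    for href, ok in classify_links(SAMPLE_EMAIL_HTML):
        print("GENUINE FORMAT" if ok else "SUSPICIOUS    ", href)
```

A link passing this check still only matches the documented format; the Recent Emails list in step 1 remains the authoritative confirmation.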

Actions to Take

  • Do Not Click Links: Never click links or buttons in an unsolicited recovery email.
  • Log in Directly: If you are worried, go directly to facebook.com to change your password and review your active sessions.
  • Enable Two-Factor Authentication (2FA): Use an authenticator app (like Google Authenticator or Duo) instead of SMS for better security.
  • Report the Email: Forward suspicious emails to spoof@facebook.com.
  • Recover a Hacked Account: If you think you've already been compromised, use the official Facebook Hacked Recovery Tool.