Facebook security essentials: Avoiding phishing & scams

Part of Facebook's mission is to give people the power to share and make meaningful connections – be it connecting with friends and family, supporting their favourite local business, or building community around the passions, causes, experiences and moments that mean the most to them.

We recognize that people need to be able to trust the connections they make on Facebook and want everyone to feel safe when using Facebook. That's why we have various tools and features at everyone's disposal to make their accounts more secure. We also work hard developing, implementing, and updating our policies to prevent inauthentic behaviour and circumvent actions from profiles and Pages with malicious and misleading intent. 

In Bangladesh, the importance of online safety is generally understood, but when it comes to daily implementation, the picture is different. Businesses of all sizes are also at risk – both in Bangladesh and globally.

On Facebook, community Group admins, business Page owners, journalists, creators, and other prominent profiles should make account security their utmost priority as they can be targeted by malicious actors who want access to contacts and sensitive informatiog. Here are essential Facebook tips to avoid phishing and scams – the oldest types of cyber-attacks.

What is phishing?

Phishing is when someone tries to get access to your Facebook account by sending you a suspicious message or link. Phishing takes many forms including emails, social media profiles, posts and messages or fake websites. Typically, a 'phisher' will claim to be from a reputable company or pretend to be someone you know in an effort to get you to give up a password or credit card number, and other personal information. If they get into your account, they may use your account to send spam.

How do I avoid getting phished?

• Look out for suspicious emails or messages

Emails from Facebook about your account always come from fb.com, facebook.com or facebookmail.com. You can always visit www.facebook.com or open your Facebook app to check for important messages from us. Don't trust messages demanding money, offering gifts or threatening to delete or ban your Facebook account.

• Never reveal your login details

Facebook will never ask for your password in an email or send you a password as an attachment. Never reveal your login information to anyone.

• Don't click suspicious links

If you get a suspicious email or message or see a post claiming to be from Facebook, don't click any links or attachments.

Pro tip: If the link is suspicious, you'll see the name or URL at the top of the page in red with a red triangle.

• Don't respond to these emails

Don't answer messages asking for your password, social security number, or credit card information.

• Take action and report to Facebook

If an email or Facebook message looks strange, report it to phish@fb.com. If you want to report a conversation, remember to take a screenshot before you delete it. Keep in mind that this won't delete the message from the other party's inbox. Report Link is the best way to report abusive content or spam on Facebook.  The Report link appears near the content itself.

• Use extra security features: Get alerts about unrecognized logins and turn on two-factor authentication to increase your account security.

To protect yourself from scammers and phishers, always pay attention to extra 'warning signs' that may indicate that you are being targeted by a malicious actor.

• Most of the common phishing tactics prey on human emotions in an attempt to mislead. Scammers will often pretend to be someone you know and ask you for help and money. They sometimes disguise themselves as your friends or relatives, and pretend to be in an emergency situation.

• Some scammers will sends you romantic messages in the hope of quickly earning your trust. But beware, the end game is to eventually convince you to send them money, or reveal your personal information.

• Another tactic is to send you are message directing you to a Page to claim a prize. To claim your 'prize' you'll need to pay a membership or joining fee or share your personal details. Like many phishing messages, these often come with misspellings and poor grammar. If you look carefully, they can also have forged links

I think I've been phished. What can I do?

If you accidentally entered your username or password into a strange link, someone else might be able to log in to your account.  Remain calm and try the following things:

• If you are still able to log in to your account,  secure it by resetting your password and logging out of any devices you don't own.

• If you can't get into your account and your username or password don't work, use recover your account tool.

• Check if anything strange has been happening to your account,  review recent activity and check recent emails sent by Facebook.

• If you feel you were the victim of a crime,  please contact your local police department. And if you have mistakenly given your credit card details, immediately inform your bank or credit card company, and also make sure you report the person or account to Facebook.

 For additional resources and information on account security, visit: https://www.facebook.com/help/