If you think you are safe from Facebook scammers, you are actually more vulnerable. Overconfidence can cause you to underestimate the risks.

These eight strategies can help you avoid phishing and scammers on Facebook.

Why Would Someone Hack Your Facebook?


Because they want your personal information. They can use that info to access your bank accounts, or even steal your identity. And they have many ways to steal from you through Facebook.

Your login credentials are valuable for several reasons. One is that you may have credit cards or other payment methods linked with them. They can also help the scammer access other accounts, such as your bank or online shopping accounts.

Once a scammer gets some clues, they work quickly. Automated software lets them check hundreds of passwords per minute until something works. To stay safe, you need to guard your information.

1. Remove Personal Details From Your Facebook Profile

Before Facebook's rise, being anonymous online was the default. It was considered extremely unwise to share your real-life information.

But Facebook requires users to go by their real names. Consider the example profile pictured above. It may look normal, but to a scammer, it’s a gold mine of personal details.

This profile shares lots of possible passwords. You can see their pet's name, hometown name, school sports team, and more. And you don’t even need to be friends to see it.

It's better to limit the information you share. Making an anonymous Facebook profile is the best way to protect yourself. Take a look at this altered example, with all possible details hidden.

This profile is much safer. And having a profile like this doesn’t impact the way you use Facebook. After all, you don't need to share your workplace history to enjoy a social connection.

You can take it one step further, so people can only send you messages if you have a mutual friend. Do this using the Privacy Settings.

2. Manage Your Facebook Privacy Settings

Profile Privacy Settings

If you've used Facebook for a while, you have a lot of information organized on your profile. You might not want to remove it, since it's a handy reference tool. If you want to keep this data on Facebook, make sure you're the only one who can see it.

From the Facebook website or app, go to Settings & Privacy > Privacy Center. For recommended settings, you can check out our guide to Facebook Privacy.

It’s a good idea to do a privacy check on a regular basis.

3. Remove Access to Facebook From Suspicious Apps

Authorized apps list on Facebook

Apps often request access to your Facebook profile. In most cases, the access just enables the app's social media sharing options. But it’s still a good idea to check your Authorized Apps.

You can see them under Settings & Privacy > Settings > Apps and Websites. Remove any apps you don’t recognize. Remember that apps where you Log in with Facebook will appear on this list, too.

4. Don’t Click Strange URLs on Facebook

A common way to scam people is through Messenger. Scammers send out links using bots loaded with generic scripts, for instance, “this is hilarious…” or “OMG, check this out!”. If you see a line like this attached to a URL, be careful, especially if it’s out of character for your friend.

These automated messages try to trick you into giving up your personal details. The message might try to scare you, or tempt you with promises of something funny or interesting. Many times, they contain a link.

If you receive such a message, even from a friend, don’t follow the directions or open the link. Instead, reply and ask what's going on. A real friend can explain, but a bot won’t reply.

If you're still unsure, you can check a link’s destination using a web app that tests it for you. We’ve compiled a list of reliable link-checking services for you to pick from.

5. Know the Signs of a Facebook Scam

A fake Facebook login page contrasted with the real one. In the fake page, a fake "we need to verify your account" message is displayed, the URL does not lead to Facebook, the page title and divider contain spelling errors, the language settings are incorrect for the user, the autofill information is missing, and the footer contains the wrong company name.
Screenshot by Natalie Stewart, no attribution required.

Knowing the most common Facebook phishing scams helps you stay alert. One common trick is to send you a link to a fake website, often a login page. Remember that Facebook will never ask you to "verify your account" before following a link.

In the example above, you can see a phishing page on the left compared to the real Facebook login page on the right. Instantly, you can see that the URL on the fake page does not say Facebook.com.

Looking closer, we can see spelling errors. The language options do not match the user's region, either. The footer is also incorrect: it uses the Facebook Inc company name, but as of 2022, the real site uses Meta © 2022.

Lastly, scammers use screen captures of the real site instead of building fake pages. You shouldn't click anything on a phishing site. But if you long-tap or right-click to inspect the links, you will often find that they are actually images. The blurry quality also gives this away.
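The URL check described above can be made mechanical. The following is an added example, not part of the original article: it parses a link and reports whether the real hostname is facebook.com or one of its subdomains, covering lookalike tricks where "facebook.com" appears somewhere other than the end of the hostname. The function name, the trusted-domain list and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: only facebook.com and its subdomains are genuine.
TRUSTED_DOMAINS = ("facebook.com",)

def check_login_url(url):
    """Return (ok, reason) for a link that claims to lead to a Facebook login."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not an https link"
    if not host:
        return False, "no hostname"
    if parts.username is not None:
        # In https://facebook.com@other.example/ the real host is other.example.
        return False, "text before '@' is not the host; real host is " + host
    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        return False, "hostname uses non-ASCII or punycode lookalike letters"
    for domain in TRUSTED_DOMAINS:
        # Match the whole domain or a dot-separated subdomain, never a bare suffix.
        if host == domain or host.endswith("." + domain):
            return True, "host is " + host
    return False, "host is " + host + ", not facebook.com"

# Constructed sample links (not taken from the article or from real campaigns).
SAMPLE_LINKS = [
    "https://www.facebook.com/login",
    "https://facebook.com.account-verify.example/login",
    "https://facebook.com@login.example.net/",
    "https://notfacebook.com/login",
    "http://www.facebook.com/login",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        ok, reason = check_login_url(link)
        print("OK  " if ok else "STOP", link, "->", reason)
```

Only the first sample link passes; the rest put the familiar name in the wrong part of the address or drop HTTPS.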

6. Don’t Reply to Trivia Facebook Posts

Example of a phishing post on social media

Facebook is full of public posts asking users to reply with trivia. They often ask for nostalgic things, such as your first car or favorite teacher. These posts seem like fun, but they are dangerous.

Answering these questions gives the scammer clues to your password or security questions. If you feel inspired by the question, it's better to strike up a conversation in a private chat instead of commenting.

Even if you don’t use that information for password recovery, sharing it can put your friends and family at risk. Your loved ones might share your connection to these memorable details. Your first pet may also be your sibling's first pet, for example.

You cannot guarantee that none of your loved ones will use the same detail for their logins. So, it’s best to keep it to yourself.

7. Only Add People You Know to Your Facebook Account

An incoming friend request on Facebook

Make sure you trust someone before accepting a request. Scammers often go after personal details hidden behind “friends only” privacy settings. To protect yourself, it’s a good idea to limit your Facebook Friends to people you actually know.

One of the most common Facebook Marketplace scams is to offer a friend request to potential buyers. The seller may pretend that they don’t know another way to contact you, but this is a lie.

If you want to talk to a stranger, you don’t have to be Facebook friends. You can use Messenger. Go to Settings & Privacy > Settings > Privacy and enable Message Requests.

8. Use a Strong Password for Your Facebook Account


Avoid using phone numbers, pet names, and similar information as passwords, as these are easy to guess. Also, avoid having short, simple passwords, and never use the same password on more than one site.

Your password should be at least 14 characters long. It should also contain a mix of upper and lower-case letters, numbers, and symbols. There are more ways to make sure your password is secure, but these are the basics.
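The basics above, combined with the earlier point that profile details double as password clues, can be checked in a few lines. This is an added example, not part of the original article: it tests a candidate password against the 14-character minimum, the four character types, and a list of details visible on a profile. The function name and all sample values are constructed for illustration.

```python
import re

MIN_LENGTH = 14  # minimum length given in the article

CHARACTER_TYPES = {
    "upper-case letter": r"[A-Z]",
    "lower-case letter": r"[a-z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}

def password_problems(password, profile_details):
    """Return the reasons a password fails the article's basic advice."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 14 characters")
    for name, pattern in CHARACTER_TYPES.items():
        if not re.search(pattern, password):
            problems.append("no " + name)
    lowered = password.lower()
    password_digits = re.sub(r"\D", "", password)
    for detail in profile_details:
        # Compare words case-insensitively; compare phone numbers by digits only,
        # so "555-0142" is still found when typed as "5550142".
        words = [w for w in re.findall(r"[a-z]+", detail.lower()) if len(w) >= 3]
        digits = re.sub(r"\D", "", detail)
        word_hit = any(w in lowered for w in words)
        digit_hit = len(digits) >= 4 and digits in password_digits
        if word_hit or digit_hit:
            problems.append("contains profile detail: " + detail)
    return problems

# Constructed profile details of the kind section 1 describes (pet, hometown,
# phone number, school team). None of these come from a real profile.
SAMPLE_PROFILE = ["Biscuit", "Springfield", "555-0142", "Wildcats"]

if __name__ == "__main__":
    for candidate in ["Biscuit2014!", "Tr@vel5550142xyzQ", "mossy-Kettle-47-orbit"]:
        print(candidate, "->", password_problems(candidate, SAMPLE_PROFILE) or "passes")
```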

Even though it's convenient, you should avoid using the Log in with Facebook option on other websites. The more sites your Facebook account connects to, the greater the loss if you are ever phished. Instead, make a unique login for each account.

Stay Safe From Facebook Phishing

If you think you may have been phished, the first thing you should do is change your Facebook password. Then, log out of all devices. It can also help to go through a checklist of security measures.