Admin | Aug 5, 2018 7:25:57 PM | 1 min read

What is a Self-XSS scam?

A Self-XSS scam on Facebook tricks you into compromising your account by claiming to provide a way to log into someone else’s Facebook account, or some other kind of reward, after pasting a special code or link into your web browser. You might see this message on a friend’s timeline after their own account was compromised by the scammer. Never click a link on Facebook that goes to a website you don’t know and trust.
This kind of scam can often use your timeline to spread itself to your friends and may also include links to malicious software or suspicious websites. Learn how to recognize scams on Facebook to protect your account from being compromised.

What steps can I take to protect myself from phishing?

Phishing is a malicious attempt to gain access to your account or record personal information about you by getting you to enter your login or other sensitive information into a fake website. Many scammers try to trick people with fake offers of free, rare, secret or exclusive digital goods (e.g., coins, chips, gifts).
When in doubt, type www.facebook.com into your browser to get to Facebook. We also recommend checking official Facebook Pages or app Pages before clicking on any promotions.
Beware of:
  • Messages with misspellings and typos, multiple fonts or oddly-placed accents.
  • Messages that claim to have your password attached. Facebook will never send you your password as an attachment.
  • Mismatched links: When you hover over a link, look at the status bar at the bottom of your browser window, and make sure the link actually goes to the place shown in the email.
  • Messages asking for your personal information. Facebook will never ask you for:
    • Your account password
    • Your social security number or tax identification number
    • Your full credit card number or PIN
  • Messages claiming that your account will be deleted or locked unless you take immediate action.
Keep in mind, you can report phishing emails to phish@fb.com or through the report links that appear throughout Facebook. While we can’t respond to every phishing report we receive, we’ll use the information you provide to investigate the issue and take action if possible.
You can learn more about suspicious emails and how to avoid scams.
