The Facebook 'Hack' Scam: What It Is and How to Protect Yourself

It isn't dangerous, but you should still protect yourself

If you've received a message from a stranger on Facebook informing you they've received a friend request from you and your account might be hacked, be very cautious. This may be part of what's known as a Facebook "hack" scam.

What is the Facebook "Hack" Scam?

There are variations of this scam that make the rounds, but most commonly it involves receiving a message warning you that your Facebook account has been hacked.

The message usually encourages you to forward the private message to all of your friends. Many people, without giving it much thought, forward this same message to all of their friends. This convinces their friends their account has been hacked, and the forwarding continues. The end effect of the scam is a massive Facebook-based chain message.

How Does the Facebook "Hack" Scam Work?

This Facebook scam is not as dangerous as other scams out there. However, it does result in a massive number of forwarded messages and in people panicking about their Facebook account being hacked.

A typical Facebook "hack" scam involves the following steps:

  1. The scam artist will either clone a fake account or use their own. They'll reach out to you on Facebook Messenger and send a message similar to the following:

    “Hi… I actually got another friend request from you yesterday… which I ignored so you may want to check your account. Hold your finger on the message until the forward button appears… then hit forward and all the people you want to forward too….I had to do the people individually. Good luck!”

  2. Most of the time, when people receive this message, they immediately panic. They either forward the original message to all of their friends, or they create a fresh post alerting all of their friends that their account has been hacked.

  3. Once they forward the message, their friends start to panic. As multiple friends forward the original message to their friends, the number of forwarded messages snowballs significantly. The message wording may change, but the result is always the same. People almost always panic. You've probably seen messages like this from your own friends on Facebook.

  4. The good news is that the result of the Facebook "hack" scam is relatively harmless. It won't result in your Facebook account or any other account actually getting hacked. However, it will result in the spread of a very annoying message probably meant to serve at best as a simple practical joke, or at worst as a way to scare as many people as possible.

How Do the Facebook "Hack" Scammers Find Victims?

There are several things scammers look for when they're looking for targets to send their hoax message to.

  • People who are more likely to forward posts they see from friends.
  • Facebook users who've fallen for fake stories or posts in the past.
  • Users who post frequently in public groups, whose names scammers like to gather.

In addition to targeted scams like this, scammers often also select their victims at random by searching for names using Facebook's name search feature.

How Do I Avoid Being Targeted For the Facebook "Hack" Scam?

If you consider how scammers choose victims, there are a few things you can do to prevent being targeted for this scam.

  1. Before reacting to this kind of message, verify the security of your account. Select the dropdown at the upper right of the Facebook page and select Settings. In the left navigation menu, select Security and Login, then review the Where You're Logged In section for any login activity from areas of the country where you're not located.

  2. If you see unusual activity, select the three dots to the right of the logged activity, then select Log Out to log that user out of your account.

  3. Next, it's important you change your Facebook password so no one else can access your account.

  4. Next, adjust your Facebook privacy settings so it's more difficult for scammers to find you on Facebook. Go back into your Facebook Settings and select Security and Login. Select Privacy from the left navigation menu. At the bottom of this menu you'll see three settings you should change individually.

  5. Select Edit on each of these settings and deselect each one.

    • Who can look you up using the email address you provided? Change this setting to Only me.
    • Who can look you up using the phone number you provided? Change this setting to Only me.
    • Do you want search engines outside of Facebook to link to your profile? Deselect Allow search engines outside of Facebook to link to your profile.
  6. Under the Your Activity section, you'll see a setting to Limit The Audience for Old Posts on Your Timeline. Select Limit Past Posts, then select Limit Past Posts again at the bottom. This will convert all of your past public posts into posts visible only to your existing friends.

  7. Now your account is more secure. Your public posts and your account are also less visible to people who are looking for targets for the Facebook "hack" scam.

How Do I Avoid Getting Involved in This Scam?

It isn't always easy to avoid becoming a part of this scam. However, there are a few ways you can reduce your odds.

  • Try to avoid posting in public groups. If you do enjoy Facebook groups, then try to only join private ones.
  • Whenever you post to your Facebook wall, remember to keep the privacy setting set to Friends rather than Public.
  • When you receive messages like this from your friends, advise them that it's likely a hoax and to avoid sending it to any more of their friends.

I'm Already a Victim. What Should I Do?

If you've been contacted by someone telling you your account is hacked and asking you to forward the message to all of your friends, there are a few things you should do immediately:

  • Use the steps above to confirm your account isn't actually hacked.
  • Increase the security of your account if you haven't already.
  • Change your Facebook password just to be safe.
  • If the message came from a stranger, report that account to Facebook.
  • Don't respond to or forward the message. Simply ignore it.

These scam messages are usually just annoying and pose no actual threat to your Facebook account.