Well, the Facebook scammers are at it again (as if they ever stop).
This time they’re out to take control of your Facebook account by tricking you into helping them change the password so they can log in to it.
I’ve received several requests for help from readers who had their accounts hijacked via this scam, and unfortunately there was nothing I could do to help in most of those situations.
As usual, there are several variations of this scam, but most of them go something like this:
You receive a private message from one of your Facebook friends saying they want to change the password on their account, but for some reason they aren’t receiving the confirmation codes that Facebook sends to confirm the account holder’s identity.
They then tell you they had Facebook send the code to YOUR phone instead.
After you receive the code on your phone, the hacker asks you to send them the code so they can use it to change their Facebook password. However, this is all just a ruse…
That code is actually the code the hacker needs to enter in order to sign into YOUR account because he initiated a password change on your account, not his. That’s why the code came to YOUR phone instead of his.
If you go along with the scammer’s request, this is what will happen:
1 – The scammer will end up with YOUR Facebook 2FA confirmation code.
2 – The scammer will use that code to change the password on YOUR Facebook account, and thereby gain access to it.
3 – The scammer will sign into your Facebook account with the new password and quickly change both the phone number and the email address that are connected to your account, effectively locking you out of the account.
As you can see, this is a very dangerous scam. And unfortunately, it’s very easy to fall for. After all, we all want to help a friend get out of a jam, right?
Like I said, there are several variations of this scam. Just know that if someone asks you to send them a code that was sent to your phone, they are trying to scam you and hack your account.
Bottom line: If you receive any type of message from a Facebook friend asking you to send them a confirmation code that you received from Facebook, refuse to comply, or else you’ll likely end up losing access to your own Facebook account.