Phishing emails impersonating Facebook are one of the most common cyber threats facing UK users. These emails look convincingly like official Facebook communications but are designed to steal your login credentials, personal information, or financial details. This guide teaches you how to identify and handle these threats.
What Are Facebook Phishing Emails?
Phishing emails are fraudulent messages designed to trick you into revealing sensitive information. They mimic Facebook’s branding — logos, colours, formatting — and often create a sense of urgency to prompt immediate action. They may claim your account has been compromised, your account will be disabled, you need to verify your identity, someone tried to log in, or you’ve violated community standards.
How to Spot Fake Facebook Emails
Check the sender address: Legitimate Facebook emails come from @facebookmail.com. Any other domain (facebook-security@gmail.com, support@fb-help.com, etc.) is fake.
Check the links: Hover over links without clicking. Legitimate links go to facebook.com or fb.com — nothing else.
Look for personalisation: Real Facebook emails address you by name and reference your actual account details. Generic greetings like “Dear user” are red flags.
Grammar and spelling: While phishing emails are getting better, many still contain subtle errors.
Urgency and threats: “Your account will be deleted in 24 hours” — Facebook rarely gives such aggressive deadlines for account actions.
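The sender and link checks above can be automated. The following Python code is an added example, not code from Facebook or from this guide; the sample message is constructed, the `example.test` hosts are placeholders, and accepting subdomains such as www.facebook.com for links is an assumption.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

SENDER_DOMAIN = "facebookmail.com"         # sender rule from this guide
LINK_DOMAINS = ("facebook.com", "fb.com")  # link rule from this guide

def domain_ok(host, allowed):
    """True if host is an allowed domain or a subdomain of one (assumption)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def check_email(raw):
    """Return findings for a raw single-part message with an HTML body."""
    msg = message_from_string(raw)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))  # real address, not display name
    if addr.rpartition("@")[2].lower() != SENDER_DOMAIN:
        findings.append(f"sender domain is not facebookmail.com: {addr}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = urlsplit(href).hostname  # the host the link really goes to
        if not domain_ok(host, LINK_DOMAINS):
            findings.append(f"link leaves facebook.com/fb.com: {host}")
    return findings

# Constructed sample message (not a real phishing email).
SAMPLE = """From: Facebook Security <security@facebookmail.com.example.test>
Subject: Your account will be disabled
Content-Type: text/html

<p>Dear user, <a href="https://www.facebook.com/help">Help Centre</a> or
<a href="https://facebook.com.login.example.test/verify">verify now</a></p>
"""

if __name__ == "__main__":
    for finding in check_email(SAMPLE):
        print(finding)
```

The comparison is made on the end of the hostname, so an address that merely starts with or contains "facebook.com" is still reported.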
Common Phishing Email Examples in the UK
“Your account has been compromised”: Claims someone logged into your account from a new location and asks you to “verify” your identity via a fake login page.
“Copyright violation notice”: Claims your post violated copyright and your page will be removed unless you appeal via a phishing link.
“Account verification required”: Claims Facebook needs to verify your identity and asks for your login credentials.
“You’ve won a prize”: Claims you’ve won a Facebook competition and need to provide personal details to claim it.
If You Clicked a Phishing Link
If you entered your password on a fake site, change your Facebook password immediately.
Enable two-factor authentication.
Check and revoke any unfamiliar logins in Settings → Security and Login.
Change the password on any other accounts that use the same password.
Run an antivirus scan on your device.
Monitor your accounts for unusual activity over the next few weeks.
How to Report Phishing Emails
Forward the phishing email to phish@facebook.com.
Forward to the UK’s National Cyber Security Centre at report@phishing.gov.uk.
Report to Action Fraud if you’ve suffered financial loss.
Mark the email as spam/phishing in your email client to help train spam filters.