Costa News Spain Breaking News | English News in Spain.
Facebook Phishing Alert: Fake “new login” and “password reset ” emails mimic Meta branding. Don’t click links—verify in the app. Emails from Facebook, Meta.com and Metamail.com are legitimate.
Credit : pixinoo, Shutterstock
The Facebook email scam that hooks you.
The first thing that happens is a shock: An email saying “Someone has just logged in to your Facebook account from a different device” or “We have received a request for you to reset your password.” The email looks official and borrows Facebook branding. It also urges you to take action quickly. Security firms say these messages aren’t routine alerts — they’re phishing attempts designed to steal your credentials or plant malware. The scammers use urgency and familiarity to their advantage: Click this link to confirm that you are the account holder..
In the latest wave flagged by researchers, every button in the email — ‘Report the user’, ‘Yes, me’, ‘Unsubscribe’, even a disguised email address at the bottom — does the same thing. It opens your default email app and displays a pre-filled text message in order to get you involved in a back-and forth, or it redirects you to a fake Facebook log-in page. You’ve given them the keys when you type in your username, password, or two-factor code. Some variants try to get you to download an ‘attachment’ or ‘security tool’. The malware is then downloaded, giving the crooks more access to your device.
In seconds, you can spot the fakes: Tell-tale signs that will help you to identify them
It is possible to be fooled by a phony email, even if it’s not the real deal. Just a few quick checks can make all the different. Check the address of the sender, not just the display name. Genuine Facebook and Meta messages will come from the domains fb.com (or a variation), facebook.com (or a variation), facebookmail.com (or a variant), meta.com (or if you prefer, metamail.com). Anything else — a random Gmail, a travel agent’s domain, a near-miss spelling — belongs in the bin. If you hover over links and don’t click, you may see a messy URL from a third party instead of Facebook. Beware of pressure tactics, such as threats. Do this now, or we will close your accountThe classic red flag is a request for passwords, codes, or personal data.
It is best to check alerts outside of the email. Open the Facebook app or go to the website directly and head to Settings → Security and login to see Where you’re logged in. You can also review Recent emails from Facebook inside the app — if the message you received isn’t listed there, it didn’t come from them.
Already clicked? How to lock down your account
Don’t panic – act methodically. Log out from any unknown sessions and change your Facebook password as soon as possible. If you haven’t done so already, turn on two-factor verification. App-based codes work best. If you entered details on a fake page, change the same password anywhere else you reused it — email first, then banking and shopping accounts. You can run a malware scanner on your laptop or mobile phone and remove extensions or applications you are not familiar with.
Keep an eye on your statements and inform your bank immediately if money or personal information is in danger. Then delete the message from your Facebook page and email client. You can also do a good thing by warning a friend or kin. These campaigns are spread because they are believable. A quick warning can prevent the next victim.
Never click through a security email – treat it as a notification, not a doorway. Check your Facebook account directly on the Facebook official app or website. You’ll be able to see an alert if the message is real. You’ve avoided a scam if it was not real.
