As I’m seeing this more and more, I want to take a moment to talk about a current rash of “Facebook Account Hacked,” how this is occurring, and what you can do to prevent it.
The process is fairly simple:
- You get a message from someone you know that message is something like the following: “Hey, my phone is acting up and I’m trying to get into my account, but I can’t get the verification code, can I use your phone number and you send me the code?”
- You Agree and Send the Code
- You later find either, or both, of the following:
- Don’t have access to your Facebook account.
- You are getting alerted that your friends are receiving a similar message as above from your account.
What Happened?
When you hit forgot password at the login screen of Facebook, you will receive a text message with a code that allows you to verify to Facebook that you are the one attempting to recover your account.
The downside to this is that, armed with your email address or cell phone number, and able to get you to give up the verification code sent to your phone number, because you thought you were helping someone else, you are actually giving them access to YOUR ACCOUNT, not helping them recover their account.
Said Another Way
While our desire and ability to help others is admirable, please remember that you may not always be talking to who you think you are talking to, and the help that you are providing may be to help someone else to something that is yours.
If someone else was locked out of their car, would you give them your keys to help? No, obviously, your keys won’t help them get into anything but your car. The same is true for the verification system. You are giving access to your account in the same way that you’d give someone access to your car, verification codes work much the same as a set of keys.
What to do instead?
Ignore the request and reach out to the friend to let them know that they have a problem with their account, either directly through phone or email, or via someone that is more closely related. If this person is your spouse, you have permission to also just turn to them and tell them! 🙂
Can it Be a Legitimate Situation Though?
Unless you have setup an account for someone else, and that’s who is contacting you, then no, this will never legitimately occur.
If you need help recovering your account, I will be happy to assist you with this issue. While the process is generally to act quickly to secure the account with a new password and revoke access to all devices currently accessing the account, I understand that for some it is a very concerning situation and adds difficulty to completing the necessary steps.