If you fell for a phishing scam or entered your credentials on a compromised device, losing your Facebook account is a real risk. You may have years’ worth of data saved there, and a malicious actor who controls your account can message your friends and family from it to reel in more victims. When you get a suspicious login alert from Facebook, act immediately, before damage is done. Whether you use the Facebook app on your Android tablet or access it on the web, here are the steps to follow if you suspect your account is in danger.

8. Double-check the suspicious login alert

Maybe it isn’t Facebook sending you emails

As simple as this sounds, malicious actors have produced some believable imitations of official Facebook emails. So, if you receive an email about a suspicious login attempt that tells you to take action before you lose your account and asks for personal information, be wary of the source.

A genuine alert arrives by email or as an in-app notification, and only if you have login alerts turned on. You can check by visiting the Password and security page and selecting Login alerts. If login alerts are off and you still received one, the email is likely not from Facebook. You can also check the Recent emails section, which lists every security email Facebook has actually sent you, to confirm whether the message you received is among them.

Be aware of phishing scams. Facebook will never ask you for your password in an email or send you a password as an attachment. Do not click links in the suspicious email; open facebook.com (or the app) yourself and review your account from there. You can report phishing attempts to phish@fb.com or use the official online report forms.
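As an added example (not part of the original article), the following Python script applies the checks above to a raw email before you act on it: it looks at the sender's and Reply-To domains, compares each link's visible text with where the link really points, looks for wording that asks for a password, and lists attachments. The trusted-domain list, the phrase list, and both sample messages are assumptions constructed for the demo; facebookmail.com is assumed here to be Facebook's notification sender, so confirm the real sending domains yourself.

```python
"""Triage a suspicious "login alert" email before clicking anything in it.

Added example, not from the original article. TRUSTED_DOMAINS, SUSPECT_PHRASES
and both sample messages are constructed assumptions for the demo.
"""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: only these registrable domains are treated as legitimate Facebook
# senders and link targets. Verify the real ones yourself before relying on it.
TRUSTED_DOMAINS = {"facebook.com", "facebookmail.com"}
# Wording Facebook says it never uses: it does not ask for your password by email.
SUSPECT_PHRASES = ("enter your password", "confirm your password", "send your password")


def _registrable(host: str) -> str:
    """Crude eTLD+1: keep the last two DNS labels (adequate for .com-style domains)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def _trusted(host: str) -> bool:
    return bool(host) and _registrable(host) in TRUSTED_DOMAINS


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def triage(raw: str) -> list[str]:
    """Return human-readable red flags for a raw RFC 5322 message (empty = none found)."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []

    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not _trusted(sender_host):
        flags.append(f"sender domain not trusted: {sender_host or '<none>'}")

    reply_host = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2]
    if reply_host and _registrable(reply_host) != _registrable(sender_host):
        flags.append(f"Reply-To goes to a different domain: {reply_host}")

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""

    collector = _LinkCollector()
    collector.feed(text)
    for href, label in collector.links:
        target = urlparse(href).hostname or ""
        if not _trusted(target):
            flags.append(f"link points to untrusted host: {target or '<none>'}")
        # If the visible text looks like a URL, it must agree with the real target.
        if "." in label and " " not in label:
            shown = urlparse(label if "://" in label else "http://" + label).hostname or ""
            if shown and _registrable(shown) != _registrable(target):
                flags.append(f"link text says {shown} but points to {target}")

    lowered = text.lower()
    flags.extend(f"asks for a password: '{p}'" for p in SUSPECT_PHRASES if p in lowered)

    for part in msg.iter_attachments():
        flags.append(f"carries an attachment: {part.get_filename() or part.get_content_type()}")
    return flags


# Constructed sample: a phishing email impersonating a login alert.
SAMPLE_PHISH = """\
From: "Facebook Security" <alerts@facebook-security-team.example>
Reply-To: recover@mailbox.example
To: you@example.org
Subject: Suspicious login attempt - act now
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>We noticed a login from a new device. Enter your password within
24 hours to keep your account.</p>
<p><a href="http://facebook.com.login-check.example/verify">www.facebook.com/security</a></p>
</body></html>
--b1
Content-Type: application/octet-stream; name="temporary-password.txt"
Content-Disposition: attachment; filename="temporary-password.txt"

hunter2
--b1--
"""

# Constructed sample: what a genuine alert could look like (assumed sender domain).
SAMPLE_LEGIT = """\
From: Facebook <security@facebookmail.com>
To: you@example.org
Subject: New login to Facebook from a new device
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Someone logged in to your account from a new device.
If this wasn't you, review your recent logins at
<a href="https://www.facebook.com/settings?tab=security">www.facebook.com/settings</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, triage(sample) or ["no red flags"])
```

The domain comparison is deliberately crude (last two labels), which is fine for .com-style domains but will misjudge country-code second-level domains such as .co.uk; a production filter would use a public-suffix list. The point is the shape of the check: the visible link text and the sender's display name are attacker-controlled, so only the real href host and the real From domain count.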

7. Check if you are in private browsing or incognito mode

It could be a false alarm

One cause of a false suspicious login alert is logging in to your account from a private browsing or incognito window. A private window discards its cookies when it closes, so Facebook has no record of the device and treats the next login as one from a new device. To avoid the alerts, log in from a normal browser window; if you prefer private browsing, expect an alert each time and verify it against your recent logins rather than ignoring it.


6. Review your recent Facebook logins

Take note of suspicious login information

Before you panic, quickly check your recent logins to see whether the flagged session is one of your own. The suspicious login alert isn’t perfect (though you should still take it seriously): it may have fired because you used a private browsing mode or because your IP address changed when you connected through a VPN.

To review recent Facebook logins, navigate to Settings > Password and security > Where you’re logged in. If you don’t see this option, navigate to Settings > Login Activity. You should see a list of devices that have recently logged in to your Facebook account, with an approximate location and login time for each. If you don’t recognize a device, use the Select devices to log out option. Keep in mind that the location is derived from the IP address, so a VPN or a mobile connection can place one of your own devices in another city.

5. Sign out of all devices

Log out of all active Facebook sessions

Once you have reviewed the alert and cannot account for the session (and even if you think it was an accident, it is better to be safe than sorry), immediately use the option to sign out of all devices to secure your account.

Visit your Facebook account’s Security and login settings and select Where you’re logged in. On this page, choose Select devices to log out. Logging out of a device ends that session. Each session entry shows the device, its approximate location, and the date and time of login. Record this information (a screenshot is enough) before you log the sessions out: if you suspect a family member is logging in to your account without your permission, you’ll know exactly when and where. Logging sessions out does not change your password, so anyone who has it can simply log back in; change the password (next step) right away.

4. Reset your Facebook password

Use a strong password to protect your account

If you see suspicious account activity, change your password as soon as possible. Your password might have been guessed or stolen, or you might have left it saved on a shared device. Resetting your Facebook password should be one of your first responses.

When resetting a password, change it to a strong one. A strong password should be at least 12 characters long, preferably 14 or more, and mix uppercase and lowercase letters, numbers, and special characters. It should not contain personal information such as family names, pet names, birthdays, or common words, and it must be unique, never used on any other account. If you aren’t sure how to create a strong password or are worried about forgetting it, use a password manager to generate a strong password and store it securely.

Once you’ve changed your password, make sure 2FA (two-factor authentication) is enabled. Navigate to the Settings and Privacy page and select Password and security to find the Two-Factor Authentication option. Where you can, choose an authenticator app (like Google Authenticator) or a physical security key over text-message codes, and save the recovery codes Facebook gives you somewhere safe so that losing your phone does not lock you out.
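As an added example (not from the original article), here is a small Python script that encodes the password rules from this step: it generates a candidate with the `secrets` module and vets any candidate for length, character classes, personal details, common words, and reuse across accounts. The personal hints, the common-word list, and the hashes of "previous" passwords are constructed sample data for the demo; a password manager does this job for you in practice.

```python
"""Generate and vet a replacement password against the rules above.

Added example, not from the original article. PERSONAL_HINTS, COMMON_WORDS
and PREVIOUS_HASHES are constructed sample data for the demo.
"""
import hashlib
import secrets
import string

MIN_LEN = 14  # the article recommends 12 to 14 characters; take the upper bound
CLASSES = {
    "lowercase letter": set(string.ascii_lowercase),
    "uppercase letter": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "special character": set(string.punctuation),
}
# Tiny stand-in for a common/breached password list (constructed). A real check
# would consult a full list instead of these six words.
COMMON_WORDS = ("password", "qwerty", "letmein", "welcome", "facebook", "iloveyou")
# Constructed: details an attacker could learn about you from your profile.
PERSONAL_HINTS = ("Alex", "Rover", "1990", "Smith")


def password_hash(pw: str) -> str:
    """SHA-256 so old passwords can be compared for reuse without keeping plaintext."""
    return hashlib.sha256(pw.encode("utf-8")).hexdigest()


# Constructed: hashes of passwords already used on other accounts.
PREVIOUS_HASHES = frozenset({password_hash("Rover1990!!"), password_hash("Welcome2Facebook#1")})


def vet_password(pw, personal_hints=(), previous_hashes=frozenset()):
    """Return the rules a candidate breaks; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in pw):
            problems.append(f"no {name}")
    lowered = pw.lower()
    for hint in personal_hints:
        if len(hint) >= 3 and hint.lower() in lowered:
            problems.append(f"contains personal detail '{hint}'")
    for word in COMMON_WORDS:
        if word in lowered:
            problems.append(f"contains common word '{word}'")
    if password_hash(pw) in previous_hashes:
        problems.append("reused from another account")
    return problems


def generate_password(length=20, personal_hints=(), previous_hashes=frozenset()):
    """Draw random candidates with the CSPRNG until one passes vet_password."""
    length = max(length, MIN_LEN)
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not vet_password(candidate, personal_hints, previous_hashes):
            return candidate


if __name__ == "__main__":
    print("old password problems:", vet_password("Rover1990!!", PERSONAL_HINTS, PREVIOUS_HASHES))
    print("new password:", generate_password(20, PERSONAL_HINTS, PREVIOUS_HASHES))
```

Two design points worth noting: the generator uses `secrets`, not `random`, because the latter is not a cryptographic source; and reuse is checked against hashes rather than the old passwords themselves, which is the only form in which you should ever retain them.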

3. Reset common passwords and email logins

Retrace all your digital steps


Resetting your Facebook password is not enough: also reset the password on every account that uses the same email address or, worse, the same password. Once your credentials have been stolen, malicious actors will try them against other services. Start with the email account itself, because it is the recovery channel for everything else, then do a mass reset on all accounts linked to that email, changing every password and enabling 2FA.

2. Do a malware scan on all your devices

Nip the problem in the bud


Scan every device you used to sign in to Facebook in the 24 hours around the reported login for malware. Malicious software can access your online accounts and take unwanted actions on your behalf. If your computer or mobile device is running slow, or there’s activity on your Facebook timeline you didn’t create, one of your devices may be infected. Facebook suggests partner tools such as ESET and TrendMicro to help scan your device, but any trusted antivirus or malware removal tool will do.

If a device turns out to be infected, disconnect it from the internet first, then clear its browser cache and history and log out of all active sessions from a clean device. Consider rebooting the infected device in safe mode. Once it is isolated, remove the infected files with your antivirus/malware tools. If the damage is too significant, you may need a factory reset. Do not change your passwords from the infected device until it has been cleaned; a keylogger would capture the new ones too.

1. Report your hacked Facebook account

Get help before it is too late

If you have done a thorough check and believe your account has been compromised (after dealing with the malicious source), report it to Facebook. You can respond to the genuine email alert by clicking (or tapping) This wasn’t me. If you can’t access your email, report directly to Facebook and fill out the hacked-account form. Provide clear reasoning as to why you think your account has been hacked, detailing any suspicious activity you’ve recently spotted.

Can Facebook help recover a hacked account?

If the damage has already been done, your password has been changed, and you can’t get in, you can still file a report that your account has been compromised. The process involves verifying your identity to prove you are the original account holder, and it asks for specifics about how the account was stolen (whether you fell for phishing, had malware installed, or logged in on a shared device).

Stay secure and protected

Unfortunately, it happens to the best of us. We lose our personal information and bad actors take advantage. Most importantly, never give out your information freely, and don’t click untrusted links. If you use Facebook Marketplace, be aware of its potential scams.