Your account may be in danger if you receive emails from security@facebookmail.com — but not for the reason you think. Here’s everything you need to know to keep your Facebook account from being hacked.
Is security@facebookmail.com Legitimate?
Technically, security@facebookmail.com is a legitimate email address that Facebook uses to inform users of potential security issues. In fact, it’s the primary email address for the Facebook Protect service. But don’t let your guard down just yet — hackers can spoof email addresses.
The email could be related to bots, a technical issue on Facebook’s end or threat actors. In all likelihood, it’s the last option. Facebook login credentials leak or get stolen all the time, meaning cybercriminals often try to get into accounts the legitimate way, by logging in with real credentials.
Cybercriminals could also be checking to see who still has an active account, who checks their emails for security alerts or who readily clicks on links. The danger here is that you could get your account stolen or unintentionally install malware onto your device.
How Can You Tell if the Email Is Legit?
Online searches won’t reveal your email’s legitimacy since security@facebookmail.com is technically legit. While some Facebook users say theirs was real, others claim it’s a scam. The only way to find out for sure is to click on a potentially malicious link, which you don’t want to do.
As we’ve mentioned, you can’t verify the sender by its email address, since addresses can be spoofed. The same concept applies to URLs — hovering over them won’t reveal much. Now that hackers have artificial intelligence, you can’t even rely on finding spelling and grammar mistakes. Don’t be lured into a false sense of security because you don’t spot any obvious danger signs.
Four Ways to Verify the Email’s Validity
There are four ways to tell whether the email is a phishing scam or from Facebook.
1. Follow Facebook’s Warning
Facebook says it will never ask for login credentials in an email. It also says its emails won’t contain links, attachments or buttons to log into your account. If the sender sent you any of those, there’s a good chance it’s illegitimate.
2. Search Through the Metadata
Checking the email’s metadata can give you insight into whether or not it’s legit. This information is in every email, but it’s hidden unless you explicitly search for it.
Open, select or right-click the security@facebookmail.com email. To pull up the metadata on Gmail, click the three vertical dots and choose Show Original. On Outlook, click File and Properties. For Yahoo, click the three horizontal dots and select View Raw Message.
Here, you can view the results for Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), email authentication protocols that check whether a message really comes from the domain it claims. Failed authentication is an indicator of spoofing.
You can also check the sender’s IP address — a VPN can spoof this, by the way — and who the email was delivered to. All that text might be challenging to understand at first, but those little details can help you determine if the email is legit.
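An added example (not from the original article or from Facebook) of reading those SPF and DKIM results out of a raw message in Python. It assumes your mail provider records its verdicts in an `Authentication-Results` header; `mx.example.net`, `mailer.example` and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def _domain(value):
    """Domain part of 'user@domain', '@domain' or a bare 'domain'."""
    return value.rsplit("@", 1)[-1].strip().lower()

def check_auth(raw, trusted_authserv, expected="facebookmail.com"):
    """Read the SPF/DKIM/DMARC verdicts stamped by our own provider only."""
    msg = message_from_string(raw)
    out = {"from": _domain(parseaddr(msg.get("From", ""))[1]),
           "spf": "none", "dkim": "none", "dmarc": "none"}
    for hdr in msg.get_all("Authentication-Results", []):
        hdr = re.sub(r"\([^)]*\)", " ", hdr)           # strip (comments)
        authserv, _, rest = hdr.partition(";")
        if authserv.lower().split()[:1] != [trusted_authserv]:
            continue               # stamped by another server: untrusted
        for clause in rest.split(";"):
            m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)(.*)", clause, re.I | re.S)
            if not m or out[m.group(1).lower()] == "pass":
                continue
            prop = re.search(r"(?:smtp\.mailfrom|header\.[di]|header\.from)=(\S+)", m.group(3))
            dom = _domain(prop.group(1)) if prop else ""
            aligned = dom == expected or dom.endswith("." + expected)
            result = m.group(2).lower()
            # A "pass" for some other domain says nothing about facebookmail.com.
            out[m.group(1).lower()] = result if aligned else result + "-for-other-domain"
        break                      # only the topmost trusted header counts
    out["authentic"] = out["from"] == expected and "pass" in (out["spf"], out["dkim"])
    return out

# Constructed samples; mx.example.net stands in for your own mail provider.
GENUINE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.d=facebookmail.com;
 spf=pass (sender IP is 192.0.2.10) smtp.mailfrom=security@facebookmail.com;
 dmarc=pass header.from=facebookmail.com
From: Facebook <security@facebookmail.com>
"""
SPOOFED = """\
Authentication-Results: mx.example.net;
 dkim=pass header.d=mailer.example;
 spf=pass smtp.mailfrom=bounce@mailer.example;
 dmarc=fail header.from=facebookmail.com
Authentication-Results: mx.forged.example; spf=pass smtp.mailfrom=security@facebookmail.com
From: Facebook <security@facebookmail.com>
"""
```

In the spoofed sample both SPF and DKIM say "pass", but for a different domain than the one shown in the From line, and the extra header claiming a pass was not written by the receiving provider, so it is ignored.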
3. Go to Security Settings
One of the fastest ways to tell if the email you got is legit is to go to your security and login settings. Here, you scroll down to See recent emails from Facebook and click on View. Any security-related emails sent within the last two weeks will be under the SECURITY tab.
If you don’t see any recent activity but have an email from security@facebookmail.com in your inbox, it’s most likely a phishing attempt. While there’s a small chance it could still be legit — a technical error on Facebook’s end — that scenario is unlikely.
4. Check the ID String in the URL
Legitimate emails from security@facebookmail.com should contain your Facebook ID number — a string of numbers associated with your account. If you hover over the link, it may look like this: https://m.facebook.com/login/recover/cancel/?n=[login code]&id=[Facebook ID]&i=m_basic
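An added example (not from the original article) that applies this check to a link copied from an email without opening it. The Facebook ID, login code and `.example` hosts are constructed; a link that passes only fits the expected pattern, which is not proof that the email is genuine.

```python
from urllib.parse import urlsplit, parse_qs

def check_recovery_link(url, my_facebook_id):
    """Return a list of problems; an empty list means the link fits the pattern."""
    problems = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        problems.append("not https")
    if "@" in parts.netloc:
        # Text before '@' is login info, not the site: the real host comes after it.
        problems.append("userinfo in URL")
    # Compare the whole host: 'facebook.com' appearing somewhere in it is not enough.
    if not (host == "facebook.com" or host.endswith(".facebook.com")):
        problems.append(f"host is {host!r}, not facebook.com")
    ids = parse_qs(parts.query).get("id", [])
    if ids != [str(my_facebook_id)]:
        problems.append("id parameter does not match your Facebook ID")
    return problems

# Constructed values for illustration only.
MY_ID = "100000000000001"
PATH = "/login/recover/cancel/?n=12345678&id=100000000000001&i=m_basic"
SAMPLES = {
    "expected pattern": "https://m.facebook.com" + PATH,
    "lookalike host": "https://m.facebook.com.account-help.example" + PATH,
    "userinfo trick": "https://m.facebook.com@account-help.example" + PATH,
    "someone else's id": "https://m.facebook.com" + PATH.replace(MY_ID, "100000000000002"),
}

if __name__ == "__main__":
    for label, url in SAMPLES.items():
        print(f"{label}: {check_recovery_link(url, MY_ID) or 'ok'}")
```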
What to Do About security@facebookmail.com Emails
We recommend not clicking on the email’s links, buttons or attachments, even if you think yours is real. When it comes down to saving a few seconds or protecting your account, the choice is clear. Spending a little longer navigating settings to reset a password or view a recent login attempt is worth the peace of mind.
You must take action even if you think the security@facebookmail.com emails are actually from Facebook. If they’re real, there’s a good chance someone is trying to brute force their way into your account. Whatever you do, don’t just ignore them.
Delete the emails and report them as potential phishing if you’re suspicious of them. Then, you should change your password — whether or not you’ve clicked on any suspicious links. If someone’s trying to steal your account, you want to strengthen your defenses.
First things first — change your password. If you’re logged in, go to the Security and login tab in your settings, locate the Change Password section and hit Edit. If you aren’t logged in, go to Facebook’s login page, select Forgot Password? and proceed through the instructions.
Make sure your password is strong enough to protect your account. It should be at least 10 characters long and have a mixture of numbers, symbols and letters. Don’t use words, phrases, dates or sequential numbers because brute-force attacks can crack them faster.
What If security@facebookmail.com Keeps Emailing?
Blocking security@facebookmail.com ensures every official security-related email from Facebook goes straight to your spam folder — you don’t want that. Instead, you should contact Facebook to ask if the issue is on their end and if they can resolve it.
You should keep strengthening your security if you keep getting emails from this sender. Either way, someone is likely trying to take over your account. If you use multi-factor authentication, strong passwords or biometrics, there’s a better chance they’ll feel discouraged and stop trying to access your account.
Signs Your Facebook Account Has Been Compromised
So, you clicked on a link in the security@facebookmail.com email. Even if you immediately realized something was wrong, you may still be at risk. Here’s how to tell.
Your Contact Information Was Changed
Bad actors often change the mobile phone number, email or username associated with the account they are taking over to make recovery more difficult.
You Get security@facebookmail.com Emails
Emails from security@facebookmail.com are sometimes legitimate. Phishers like to wear their targets down with real security notifications, slipping in spam when they least expect it.
Your Username or Password Doesn’t Work
Once an account takeover attempt is successful, a password change is the first thing a hacker does. This is to prevent the legitimate owner from logging in.
What to Do if Someone Took Control of Your Account
Don’t lose hope if someone used the security@facebookmail.com email to take control of your account — there’s a way to get it back. The official way to recover a hacked Facebook account is to visit www.facebook.com/hacked on a device you’ve logged into Facebook with before.
After selecting My account is compromised, Facebook will direct you to enter the phone number, email address or user name associated with your account. Once it finds your account, it will ask you to complete several security steps, including verifying your identity.
You’ll get a temporary password, link or code that allows you to log in and change your information, taking back control from the phisher. It’s important to note that this method doesn’t always work — the person who stole your account may have changed your contact information.
What if the Phisher Changed Your Contact Details?
What often happens is the bad actor changes the phone number and email address associated with the account to keep you from regaining control. Any security updates or password request changes go to them instead of you.
The only option Facebook gives you is to select the Forgot Password link, which sends the phisher a link. While the site may give you a temporary login link, it often prompts you to log in to proceed. Alternatively, if the person who stole your account set up two-factor authentication, you can’t get past the prompt asking for a code. Many users get stuck in an endless loop.
The first workaround is to use the link that says, “No longer have access to these?” The platform will let you enter new contact information after you verify the account is yours. To get this option, you must be on a device you used to log into your account before it got hacked.
Another option is to use the Meta Accounts Center. On Instagram, go to Accounts Center > Connected experiences > Logging in with accounts > Manage logins. This way, you can log in to Facebook from Instagram, enabling you to reset your password and contact details. Act fast — this method exposes you to risk, as it may let the hacker take over your Instagram.
Should You Delete Your Facebook Account?
Deleting your Facebook account ensures you won’t have to worry about phishing emails disguised as Facebook ever again. It might be the best choice if you don’t use the site much anymore and are worried a threat actor could steal your login information and impersonate you.
1. Delete Your Account in Settings
The first deletion method involves settings. Scroll down to the Account Settings tab and select Personal Details. In the Account Ownership and Control section, click on Deactivation and Deletion. Once you hit Deletion, follow the instructions and confirm your choice.
2. Deactivate Your Account in Settings
If you don’t want to see any more emails from security@facebookmail.com but don’t want to delete your account, consider deactivation — it only temporarily disables your account while preserving your access to Facebook Messenger.
Follow the same steps above, but choose the Deactivate Account option when you get to Deactivation and Deletion. Follow Facebook’s instructions and confirm your choice to temporarily disable your account.
If security@facebookmail.com Emails Again, Act Urgently
Although there’s a chance security@facebookmail.com is legit, you can never be too careful. Repeat the steps to secure your account we listed above and contact Facebook for help.
Original Publish Date 3/17/2024 — Updated 1/2/2025