In recent years, many Facebook users have reported receiving messages from friends or strangers asking them to provide a code that was sent to them via text message. This often comes with some story about the sender needing the code to verify their account or enable a new feature. However, providing this code can actually give a scammer access to your Facebook account.
Here are some quick answers to common questions about this scam:
What is the Facebook code scam?
The Facebook code scam involves a scammer sending you a message claiming they accidentally reported your account as hacked or sent you a code by mistake. They will ask you to send them the 6-digit verification code that Facebook sends via text message when suspicious activity is detected.
Why do they want your code?
The scammers want this code so they can access and take over your Facebook account. Facebook uses these codes as part of its two-factor authentication security process.
Is it really my friend/family member messaging me?
The message appears to come from a friend or family member, but it’s actually a scammer who has compromised their account. Do not provide any codes even if it seems to be someone you know.
What happens if I give them the code?
Providing the 6-digit Facebook verification code gives the scammer full access to your Facebook account. They can then lock you out, message your friends with more scams, access personal information, and post content as you.
How the Scam Works
The Facebook code scam typically works in the following way:
- You receive a message on Facebook Messenger that appears to be from a friend or family member you know.
- The message claims they accidentally reported your account as hacked or disabled and apologizes.
- It goes on to say that to re-enable your account, Facebook is making them confirm it’s really you by sending a 6-digit verification code to you.
- You are asked to simply reply back to them with this code so they can enter it and confirm your identity.
- If you provide the code, the scammer can now access and take over your Facebook account.
The message may claim to be from a close friend and use language like “Hey it’s me” or “Sorry about that!” to seem more legitimate. However, the account messaging you has actually been compromised.
Examples of the Facebook Code Scam
Here are some examples of the messages you might receive as part of this scam:
Accidental Report Scam
“Hey! I’m sorry, I accidentally reported your Facebook profile as hacked. Facebook asked me to get a code from you to confirm it’s your account. Can you send me the 6-digit code they texted you so I can submit it to Facebook? I want to fix this quickly so you get your account back!”
Accidental Disable Scam
“Oops! I went to log in to my Facebook account but accidentally entered your phone number and now Facebook thinks I’m trying to hack you. They disabled your account as a precaution and sent a 6-digit verification code to your phone to make sure it’s really you trying to log in. Could you send me the code so I can give it to Facebook to reactivate your account?”
New Feature Scam
“Facebook told me to get a 6-digit code from you in order to activate some new account privacy settings. Apparently this is a new security feature. Once I enter the code they texted you, it will enable enhanced privacy on your account. Can you send me the code real quick so I can wrap this up?”
Key Details Showing it’s a Scam
While the messages may seem legitimate at first glance, there are some key details that reveal it’s a scam attempt:
- Facebook would never proactively disable your account without notice or make someone else confirm your identity.
- Facebook does not send verification codes to friends – only directly to the account holder.
- Facebook does not require you to share your verification code with anyone, for any reason.
- Account holders would receive a notification from Facebook if their account was reported or disabled, not just from a friend.
Any message asking you to provide your personal Facebook verification code is a scam.
Who is Behind the Facebook Code Scams?
These Facebook code scams are perpetrated by a variety of cybercriminals and scammers, including:
- Individual hackers who compromise Facebook accounts to run scams from.
- Organized cybercriminal groups based internationally or domestically.
- Scam call center operations often located overseas.
- Bots that automatically send out scam messages to many users.
They obtain access to accounts through:
- Hacking or credential stuffing attacks
- Malware on devices
- Phishing sites and emails
- Social engineering via messaging
- Purchasing compromised account credentials
The scammers are able to make the messages seem more legitimate because they are often sending them from real compromised accounts of family, friends, or celebrities.
How to Protect Yourself from the Code Scam
Here are some tips to avoid becoming a victim of the Facebook verification code scam:
- Be skeptical of any message asking you to provide personal information or security codes.
- Do not provide your verification code to anyone – Facebook will never ask you to share or re-send this code.
- Use two-factor authentication via an app like Google Authenticator – this generates codes that are only valid once.
- Check that account messaging you directly in the app – scammers often hide behind profile pictures.
- Hover over links before clicking to check their real destination.
- Secure your Facebook account and other online accounts with strong, unique passwords.
- Run antivirus/malware scans regularly to detect and remove threats.
- Enable login alerts to watch for unrecognized access attempts.
- Monitor your account settings for any unauthorized changes.
Being cautious and skeptical whenever you receive an unusual request for personal information online will help protect you from these types of scams. Report any scam attempts to Facebook using their reporting tools.
What to Do if You Already Shared Your Code
If you unfortunately already provided a scammer with your Facebook verification code, take these steps immediately:
- Log in to your Facebook account if you still can and change your password. Enable two-factor authentication if it is not already on.
- If you cannot log in, use Facebook’s account recovery process to try regaining access.
- Report the unauthorized access to Facebook so they can lock the account and investigate.
- Contact friends and warn them your account has been compromised. The scammer may message them next.
- Scan all your internet-connected devices for malware, which may have been used to compromise your accounts.
- Reset passwords on any other online accounts that may be at risk since the scammer has some personal information about you now.
- Watch for any unauthorized charges to financial accounts linked to your Facebook account.
You will need to regain access to your account through Facebook’s account recovery process if the verification code was used to gain entry before you could secure it. Make your account more secure for the future so this does not happen again.
The Bottom Line
The Facebook verification code scam takes advantage of users’ willingness to help their friends and families in what appears to be an urgent situation. However, no one needs anyone else’s personal Facebook code number – ever. This is always an attempt to steal your account. Protect yourself by never sharing your code with anyone. Enable two-factor authentication through a secure app, use strong passwords, and monitor your account closely. With awareness and proper security habits, you can avoid becoming a victim of this prevalent scam.
| Type of Scam Message | Details That Indicate It’s a Scam |
|---|---|
| Accidental report of your account |
|
| Accidental login with your number |
|
| Need code to enable new settings |
|
| Who Runs These Scams? | How They Get Access to Accounts |
|---|---|
|
|
| Ways to Protect Yourself | What to Do if You Shared Your Code |
|---|---|
|
|