Facebook hacked – phishing scam prompts you to enter password to seize control of your account

I woke up in the middle of the night and naturally, checked Facebook before turning over in my bed to go back to sleep. Because that’s what everybody does, right?

A notice to re-enter my password popped onto my screen. This happens sometimes, so I re-entered my Facebook password. Must have entered it wrong, I thought, because the notice popped up again. Annoying – this time I know I entered it right.

So I hit the back key and became instantly suspicious. My Facebook connection was working fine. Uh oh. I probably just gave my password to some hackers. What looked like a password prompt was probably phishers looking to secure my account. I knew what was coming next:

Hackers who get access to your account by tricking you into giving them your password change your account’s email address to an address they control. Then they change your account password and lock you out of it. This gives them complete control over your account.

I don’t know how to resolve a problem like this through a phone app, so I got out of bed and logged into Facebook through my laptop browser. I was told that I was trying to log in with an old password and had recently changed my password. “Last Thursday,” the message said – although this is Tuesday and last Thursday I did not change my password. Until just now, I had used the same password for years.

Facebook offered to email me a code to change my password again but no joy, the email never arrived. The hackers had probably changed my email address already. But never mind: Facebook also offered to text me the code. I don’t remember connecting my phone number to my Facebook account – I use an app called Fast to access Facebook from my phone – but I guess I must have done so at one point because the promised text message arrived right away, instantaneously.

I entered the code, changed my password and logged in from the login screen. Facebook ran a security check and voilà: because I acted fast, harm to my privacy and access to my Facebook account was averted. If you’ve been victimized too, do the same thing and change your password as quickly as possible. If you haven’t yet associated a text-capable phone with your Facebook account, do that as soon as you can.

How did I know I was logging into the real Facebook when I logged in after changing my password? Because I typed facebook.com into my browser’s URL address bar (not the search bar) and hit enter, which brought me directly to the main Facebook page login screen.
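The address-bar check described above can also be written out as code. This is an added example, not part of the original post: it parses a link the way a browser does and reports whether the host is really facebook.com. The function name `checkLoginUrl` and the sample links are constructed for illustration.

```javascript
// Added example: does this link really lead to Facebook's own host?
// TRUSTED_DOMAIN, checkLoginUrl and SAMPLE_LINKS are illustrative names.
const TRUSTED_DOMAIN = "facebook.com";

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // same parsing rules the browser address bar uses
  } catch {
    return { trusted: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not HTTPS" };
  }
  // Text before '@' is userinfo, not the site: https://facebook.com@other.example/
  if (url.username || url.password) {
    return { trusted: false, reason: "userinfo placed before the real host" };
  }
  // hostname is already lower-cased; drop a trailing root dot if present
  const host = url.hostname.replace(/\.$/, "");
  // Non-ASCII lookalike letters are encoded as punycode labels (xn--...)
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, reason: "internationalized lookalike host" };
  }
  // Accept only the exact domain or a true subdomain of it.
  // A plain endsWith("facebook.com") would also accept notfacebook.com.
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return { trusted: true, reason: "host is " + host };
  }
  return { trusted: false, reason: "host is " + host };
}

// Constructed sample links, not taken from any real campaign.
const SAMPLE_LINKS = [
  "https://www.facebook.com/login",
  "https://facebook.com.account-check.example/login",
  "https://facebook.com@account-check.example/login",
  "https://notfacebook.com/login",
  "http://facebook.com/login",
];

for (const link of SAMPLE_LINKS) {
  const verdict = checkLoginUrl(link);
  console.log((verdict.trusted ? "OK   " : "STOP ") + link + "  (" + verdict.reason + ")");
}
```

Only the first sample passes; in the others the word "facebook.com" appears in the link but is not the host the browser actually connects to.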

Phishing Attempt #1 averted. Now I was hit with Phishing Attempt #2.

I got an alert to enter my password in System Preferences. This request was a two-alarmer. One: Facebook does not interface with my computer’s system preferences at all, ever! Two: the prompt made the request referencing an old email address I rarely use anymore. The solution to this is simple though: hit “cancel” repeatedly until the prompt goes away.

Portals accessible through your browser, like Facebook, are given the option by the browser to store a username and password in the browser preferences. But this is radically different from accessing your system preferences, which control your whole computer – and not just what you do online, or on Facebook. Funny thing is, some people use just one password for everything they do computer-wise so maybe the hackers who designed this phishing scheme are looking to get access to entire computers, and not just Facebook accounts.

If this is how you handle your computer’s security, change that too. You must use different passwords for the different situations requiring a log-in.


Just for the moment, it might be smart to stay away from Facebook altogether, while their team figures out what is going on and how to stop it. This shouldn’t take more than a few hours, or a day at most.

So, in conclusion, if you think your Facebook password has been compromised, change it immediately. And, good luck. May the force be with you 🙂
