How to report phishing to Facebook

Facebook has today announced a new way in which it hopes to combat phishing scams targeting its 955 million users.

In a post to its Facebook Security page, the social network has explained that the public can now report Facebook-related phishing emails directly to the company.

All you have to do is forward the phishing email to the following email address:

[email protected]

Facebook says in its post that by forwarding the message you are helping combat attacks, and could assist in forcing phishing websites offline:

By providing Facebook with reports, we can investigate and request for browser blacklisting and site takedowns where appropriate. We will then work with our eCrime team to ensure we hold bad actors accountable. Additionally, in some cases, we'll be able to identify victims, and secure their accounts.

They don’t say so in their post, but I would imagine that Facebook’s security team would appreciate it if you would forward any phishing messages you receive *with* the full email headers if possible, as that helps determine where the emails have really come from.
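One way to keep the full headers intact when reporting, shown as an added example that is not from the original post or from Facebook: attach the suspicious message as `message/rfc822` instead of forwarding it inline, so the `Received` chain arrives unmodified. The sample message, its hosts and IPs, the function names and the `REPORT_TO` placeholder address are all constructed for illustration.

```python
from email import message_from_bytes, message_from_string, policy
from email.message import EmailMessage

# Constructed sample message: every host, address and IP below is made up.
SAMPLE = """\
Received: from mx.recipient.example ([198.51.100.7])
    by store.recipient.example; Thu, 09 Aug 2012 10:00:05 +0000
Received: from unknown-host.example ([203.0.113.45])
    by mx.recipient.example; Thu, 09 Aug 2012 10:00:03 +0000
From: Facebook <security@facebook-login.example>
To: reader@recipient.example
Subject: Your account will be disabled

Confirm your password at http://facebook-login.example/
"""

REPORT_TO = "phish-report@example.invalid"  # placeholder, not the real address


def build_report(raw: str, reporter: str) -> EmailMessage:
    """Wrap the suspicious message unmodified as a message/rfc822 attachment."""
    original = message_from_string(raw, policy=policy.default)
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = REPORT_TO
    report["Subject"] = "Phishing report: " + original["Subject"]
    report.set_content("Suspected phishing email attached with full headers.")
    report.add_attachment(original)  # a Message object becomes message/rfc822
    return report


def attached_original(report_bytes: bytes) -> EmailMessage:
    """What the receiving security team sees: the embedded original message."""
    report = message_from_bytes(report_bytes, policy=policy.default)
    for part in report.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            return part.get_content()
    raise ValueError("no message/rfc822 attachment found")


def received_chain(msg) -> list[str]:
    """Received headers, newest hop first, with folding whitespace collapsed."""
    # Only hops added by servers you trust are reliable; older ones can be forged.
    return [" ".join(str(h).split()) for h in msg.get_all("Received", [])]


if __name__ == "__main__":
    wire = build_report(SAMPLE, "reader@recipient.example").as_bytes()
    print(received_chain(attached_original(wire))[-1])  # hop nearest the sender
```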

Of course, regular Naked Security readers would hopefully never click on a link in an unsolicited email purporting to come from Facebook. Or, at the very least, would have some alarm bells ring and be able to tell that they had reached a *fake* Facebook login page.

For a bit of fun, here is a screenshot of a Facebook phishing webpage. Would you and your friends be able to see why this page is clearly bogus?

Fake Facebook login page

Find out the answers to that puzzle here.

Oh, and if you have the time, don’t forget to learn about how you can explain phishing to your grandma with our free Threatsaurus book.

If you’re on Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 180,000 people.

Hat-tip: reader Michael Johnson

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
