Have you received an email supposedly coming from Facebook saying that your account requires advanced security from Facebook Protect? The email likely urges you to enable Facebook Protect soon or be locked out of your account, and that urgency is why it seems suspicious.

The email is legit, and Facebook's parent company, Meta, has been sending it to accounts with wider reach on the social network, but it might still seem like a scam to you. How else can you verify its legitimacy? And how should you respond if it turns out to be a scam after all?

Is "Security@facebookmail.com" a Safe Email Address?

Security@facebookmail.com is the email address that Facebook uses to send security-related emails to its users. If you receive an email from an address on the same email domain (@facebookmail.com), it's legit and coming from Facebook. You should follow the directions in the email.

What Does the Email From "Security@facebookmail.com" Look Like?

Facebook has been sending a special security email to accounts with large audiences, running essential pages, or which have great community significance, notably from an address that reads "security@facebookmail.com".

In the message, Facebook says the person receiving it has a broader reach on the platform, so they may be more susceptible to attacks from cybercriminals. To counter that, the email encourages them to enable Facebook Protect on their accounts, which is an exclusive feature for limited users.

Although the overall content of the email appears genuine, it loses some credibility when users are told they will be locked out of their accounts if they do not activate Facebook Protect by a certain date. While this urgency should raise suspicions, rest assured that the official email from Facebook does contain this urgency clause.

Facebook cares about your privacy and security, and wants you to enable its relatively new Facebook Protect feature to make your account more secure. It's as simple as that!

But could the email asking you to enable Facebook Protect also be a scam? It's possible...

Is the Facebook Protect Email a Scam?

When companies like Meta send out a specific email to a large audience, scammers use it as a jumping-off point to execute phishing attacks. They make an email appear official and use the same context to trick users. That may also be the case with the Facebook Protect email you just received—though the chances are comparatively slim right now.

In light of this, you should ensure that the email asking you to enable Facebook Protect comes from Facebook itself, so you can avoid being scammed. But how can you verify it?

How to Check the Email You Received From Facebook Is Legit

Perform the following checks to verify that the email you received from Facebook is legitimate:

  • In the majority of cases, Facebook sends the email to enable Facebook Protect from the email address "security@facebookmail.com". Is the email address from which you received the email different from this one? If so, you may be dealing with a scam.
  • Facebook doesn't include a link in the email to enable Facebook Protect, nor does it direct users to log in directly from the email. So if the email you received contains links and buttons, it's a scam.
  • Facebook also lets users view recent emails they received in their account security settings. That's another way of verifying the legitimacy of the email. For this, log into your account, click on the profile icon in the top-right corner, navigate to Settings & privacy > Settings, and then click Security and login in the left sidebar.
    Afterward, click the View button next to See recent emails from Facebook under Advanced.
    If the same email you received appears here, it's official. Otherwise, it's a scam.
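
The first two checks above, run over a raw message, as an added example that is not from the original article or from Facebook. It also reads the Authentication-Results header, because a From address alone can be forged; that your mailbox provider writes this header and that genuine mail carries a DKIM signature for facebookmail.com are assumptions, and the function name and sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

EXPECTED_SENDER = "security@facebookmail.com"  # address named in the article
DKIM_OK = re.compile(r"dkim=pass\b[^;]*header\.d=facebookmail\.com(?![\w.-])")

def check_protect_email(raw):
    """Return a list of warnings; an empty list means every check passed."""
    msg = message_from_string(raw)
    warnings = []
    # Check 1: the exact sender address, not a display name or a lookalike.
    addr = parseaddr(msg.get("From", ""))[1].lower()
    if addr != EXPECTED_SENDER:
        warnings.append(f"sender is {addr!r}, not {EXPECTED_SENDER}")
    # A From header can be forged, so also look for a DKIM pass recorded by
    # the receiving server. Assumption: the mailbox provider adds the topmost
    # Authentication-Results header and genuine mail is signed by this domain.
    if not DKIM_OK.search(msg.get("Authentication-Results", "").lower()):
        warnings.append("no DKIM pass for facebookmail.com")
    # Check 2: the article says the genuine email has no links or buttons.
    for part in msg.walk():
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        if re.search(r"https?://|href\s*=", body, re.I):
            warnings.append("body contains a link or button")
            break
    return warnings

# Constructed sample messages (not real Facebook mail; .example is reserved).
GENUINE = """\
Authentication-Results: mx.example.net; dkim=pass header.d=facebookmail.com
From: Facebook <security@facebookmail.com>
Subject: Your account requires advanced security from Facebook Protect
Content-Type: text/plain

Turn on Facebook Protect under Security and login in your settings.
"""
SPOOFED = """\
Authentication-Results: mx.example.net; dkim=none
From: "security@facebookmail.com" <security@facebookmail.com.alerts.example>
Subject: Turn on Facebook Protect
Content-Type: text/html

<a href="https://alerts.example/protect">Turn on Facebook Protect</a>
"""

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, check_protect_email(raw))
```

The third check, comparing against the recent emails listed in your Facebook security settings, still has to be done by hand in the account itself.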

How to Respond to a Legit Facebook Protect Email

If the email you received from Facebook requesting you to enable Facebook Protect meets all three conditions listed above, enable it for your own security. You can enable Facebook Protect by following these steps:

  1. Log into your account.
  2. Click on the profile icon in the top-right corner.
  3. Navigate to Settings & privacy > Settings.
  4. Click the Security and login tab in the left sidebar.
  5. Click the Get Started button next to Facebook Protect.
  6. Then, follow the on-screen instructions to activate Facebook Protect.

The Facebook Protect feature is only available for a limited number of Facebook users. And Facebook removes this feature from certain accounts when it feels that the account no longer meets the criteria to enjoy it. If you cannot find this option despite enabling it before, it signifies that your account no longer meets the eligibility criteria. So don't worry about it having been a scam!

How to Respond to a Fake Facebook Protect Email

If the email you supposedly received from Facebook asking you to enable Facebook Protect does not meet the conditions listed above, it is probably a scam. So you should be cautious enough not to fall victim to any of its traps.

Don't click on any link or button embedded in the email that claims to activate Facebook Protect or supposedly enables you to log in. Otherwise, you could end up getting your Facebook account hacked. And certainly don't download or open any attachments added in the email. Otherwise, your browser will be hijacked, or your device may become infected.

In addition, you need to block the address that sent the email and delete the message. This way, they won't be able to attempt any other phishing scam from that account, which will prevent you from falling victim to it.

What to Do if You Fall for a Fake Facebook Protect Email Scam

If scammers get the best of you and you fall for the fake Facebook Protect email scam, you should take immediate action to minimize the damage they could cause. If your profile has been hacked after clicking a link in an email, do not waste any time in recovering your Facebook account.

Once you successfully recover it, ensure that no changes have been made to the administrator permissions on your Facebook pages; review the last posts made through your account; check comments made via your profile; and analyze any other activity that could negatively impact your reputation.

Message your friends to tell them what happened and warn them not to follow anything they received from your end during the time you didn't have access to your account. You should also unlink any apps or websites where your account was used to sign in. These are the simple things you should do if your Facebook account gets hacked.

If you clicked on a link in the email and it downloaded software, delete that and run a malware scan to ensure your device isn't infected.

"Security@facebookmail.com" Is Legit (but You Should Still Be Careful)

Fraudsters are very good at mimicking official emails and making them appear legit. Hopefully, knowing the context of the Facebook Protect email will help you distinguish fake emails from real ones. Additionally, these tips will assist you in limiting the damage if you mistakenly fall victim to such phishing emails.