What to do if your Facebook was hacked
A compromised Facebook account can spread scams to friends. Recover access and review security promptly.
Quick answer
- Use Facebook's account-recovery process
- Change the password and log out all sessions
- Enable two-factor authentication
- Check where you're logged in
Do this now
- Use Facebook's official recovery and 'report compromised account' flow.
- Reset the password and turn on two-factor authentication.
- Warn friends about scam messages from your account.
Understanding what happened
When a Facebook account is compromised, the attacker often gains control of the Pages, ad accounts, and linked logins attached to it, so a quick, orderly response protects more than just your profile. Meta's 'compromised account' recovery exists for this, and starting it early - while securing your email - gives you the best chance.
Attacks usually arrive as fake 'policy violation' or 'your Page will be unpublished' messages, or via a reused password. Once inside, criminals run scam ads, message your friends, and may lock you out by changing recovery details, which is why speed and email security matter so much.
Because Facebook login is used across many other sites and your email controls resets, secure the email first, then recover Facebook, then review everywhere you used 'Log in with Facebook'. Never pay a 'recovery expert' who contacts you - legitimate recovery is free through official channels.
After regaining access, reset the password, enable two-factor authentication, check active sessions and connected apps, and review Business/ad accounts for unauthorised spend. Tell friends to ignore any messages the attacker sent in your name.
First 5 minutes
- Use Facebook's account-recovery process
- Change the password and log out all sessions
- Enable two-factor authentication
- Check where you're logged in
First 24 hours
- Warn friends about fake messages
- Review connected apps and remove unknown ones
- Report the compromise to Facebook
- Check recovery details
Next 7 days
- Review where you're logged in and remove unknown sessions.
- Check email for unauthorised changes.
- Review connected apps.
What not to do
- Do not pay anyone who promises to recover your money for an upfront fee
- Do not act on follow-up messages claiming to be the fraud team
- Do not delete evidence before saving it
Evidence to save
- Screenshots of the message and sender details
- Phone numbers, usernames, links, and account or wallet addresses
- Transaction references, receipts, and amounts
How to report
- Gather your evidence first (screenshots, dates, amounts, any reference numbers).
- Report to your national fraud/cybercrime body and, if money moved, to your bank.
- Find the right official links for your country in the reporting directory.
- Do not use phone numbers or links from the suspicious message - look up the official ones yourself.
- Report quickly if money was sent or ID documents were shared; speed improves your options.
- Keep your evidence - see how to save scam evidence.
Beware of recovery scams: no legitimate service guarantees getting your money back for an upfront fee.
Stop it happening again
Enable app-based two-factor authentication, review where you're logged in, and keep your recovery email secure.
For Pages and Business accounts, limit admins and review access regularly.
This is general safety information, not legal, financial, or cybersecurity incident-response advice.
Frequently asked questions
How quickly should I act?
As soon as possible. Fast action - especially contacting your bank - gives the best chance of limiting harm or stopping a payment.
Will I get my money back?
Sometimes, if you act quickly, but there is no guarantee. Be very cautious of anyone who promises guaranteed recovery for an upfront fee - that is a recovery scam.
The hacker is running ads from my account - what now?
Use Facebook's compromised-account recovery immediately, remove unknown admins, and contact support about fraudulent ad spend. Secure the linked email too.