- Many people report repeatedly receiving Facebook recovery code emails.
- The practice is implemented at the hands of scammers.
- Facebook has some guidance for users who are getting these potentially dangerous communications.
Facebook is a great source of connection and information for countless users.
The social sharing giant also lends itself to being a target for scammers attempting to gain users' personal information. One way would-be criminals target Facebook users is via recovery code emails. Read on to find out what these emails are about — and what to do if you get them.
So, why do you keep getting those Facebook recovery code emails? You aren't alone!
Receiving Facebook recovery code emails is clearly a common problem, and has inspired many Reddit threads and X posts.
"I keep getting recovery emails when I haven't attempted to reset my password," one person vented on a Subreddit.
One commenters answer was ominous: "You need to be very careful to make sure that these emails truly originated from an authentic Facebook domain."
Of course, per Facebook, some password reset communications are completely innocent, and may have been prompted by a user who accidentally entered the wrong information.
"As long as you don't click the link to reset your password, no action will be taken and your account will remain secure," the company states.
But a lot of times, these emails are potential scam. If you receive a request for a recovery code to protect your account, it did not come from Facebook.
What should you do if you receive a suspicious email from Facebook?
If you take anything from this post, let it be this: Your personal information can be compromised if you engage with a phishing email. The best thing to do if you think your account is in jeopardy is to change your password and upgrade your security preferences.
In fact, in the app, you can turn on 2-factor authentication codes — which have 8 digits.
Meanwhile, the goal of scammers who send these emails is to get your personal information and use it for their own benefit.
The scam is especially convincing because per the Malwaretips blog, the email can mimic a communication from Facebook, even using the official logo and an email address that appears legit. The origin alias may even say “Facebook Security Team” or “Facebook Support”.
But once you plug in their requested 6-digit recovery code, you have a problem on your hands. Now, criminals can log in to your Facebook account and gain full access to your photos and contacts.
From there, a whole lot of bad can happen, so you never want to actually click on these emails or engage with them in any way.
Something to keep in mind when you are discerning between "good" and "bad" emails is that per Facebook, "Facebook will never ask you for your password in an email or send you a password as an attachment."
So what do you do if a fishy phishing email — or many of them — pops up in your inbox?
Facebook urges, "If an email or Facebook message looks strange, don't open it or any attachments. Instead, report it to email@example.com."