Okay, I’m throwing this out to the Hive Mind.
I got a notice on my Facebook page and an email telling me that I have been identified (by Facebook/Meta) as having an account that is a potential target for hackers. If I don’t engage Facebook Protect I will be locked out of my account.
This is plausible, but it also sounds like a phishing scam as well. Here’s text from the email:
Your account requires advanced security from Facebook Protect
Your account has the potential to reach a lot more people than an average Facebook user. Hackers are often motivated to attack accounts that have a lot of followers, run important Pages, or hold some community significance.
To help defend against these targeted attacks, we require Facebook Protect for your account.
Turn on Facebook Protect for your account by 28 April 2022. After that, you will be locked out of your account until you enable it.
• |
We’ve already turned on advanced login protections for your account. |
• |
To fully enable Facebook Protect, we’ll check your account for vulnerabilities, and help you resolve them.
Note: Facebook Protect isn’t available to everyone on Facebook. We require stronger security for your account because it has the potential to reach a large audience. |
|
Thanks so much,
The Facebook Team |
|
|
There are a number of steps I can take by going to my profile and having Facebook examine my settings — but this seems to be going a bit farther. Has anyone else run into this?
...You'd be forgiven for thinking the email is a phishing scam. "Your account requires advanced security" sounds ominous, and Facebook is asking you to act quickly by clicking on a link. Throw in the unfamiliar Facebookmail.com domain, and it has sketchy written all over it.
Facebook has a tool to verify official communications from the company, but oddly, the Facebook Protect email did not appear inside this tool for the handful of PCMag staffers who received it recently. You can check by going to Settings > Security and Login (Password and Security on mobile) > See recent emails from Facebook.
Still, this request is legit. Facebook uses the Facebookmail.com domain for all official communications. If you're concerned about clicking on a link, just go directly to Facebook, and you will be prompted to enable Facebook Protect.
Why now?
Facebook Protect provides an extra layer of security for accounts the company deems to be high risk. It was initially set up to help elected officials, political candidates, and their staff avoid account hacks that could help spread disinformation. With the increased threat of a Russian cyberattackand the 2022 US midterm elections on the horizon, Facebook has expanded the program to include those with high follower counts, an association with important Pages, or who hold significance in the greater community.
Click on the Facebook Protect link in the quote above to go to Facebook’s own discussion of how it works.
The PC Magazine article has more information on how to go through your settings and other steps you can take. Definitely something to read if you are a user of Facebook. For those of you who have abandoned the platform — and there are plenty of reasons to do so — there are also reasons to stay on it, not least because of connections that are made through it and time/resources invested in it. If you are on Facebook, now would be a good time to have Facebook go over your profile to see if there are vulnerabilities.
One more thing from PC Magazine:
What If I Wasn't Asked to Enable Facebook Protect?
If you weren't specifically notified by Facebook to enable Facebook Protect, there isn't any action you need to (or can) take by the deadline. The option to enable the feature in your settings won't even show up until Facebook specifically asks you to sign up.
Facebook is expanding the program globally in 2022, but how that expansion will look is still unclear. In the meantime, the most you can do is preemptively set up two-factor authentication, if you haven't done that already.
This is Facebook FWIW, but cyber threats are not exclusive to it. If you are doing other things to protect your identity and your accounts, pass them on in comments. What anti-virus tools are you using? What else are you doing?