4 popular ways crooks can steal your Facebook password

Our Facebook accounts are important. They allow us to communicate with friends and family, let us upload albums of photos to share with friends, and store lots of our personal information.

Which is why it is very important that we keep them protected.

While we always recommend applying extra layers of security to your Facebook account (including two-step authentication so the password isn’t the only thing a crook will need to gain access) our Facebook password is still the most important piece of data concerning the security of our account. It’s the main lock to the front door, and the reality is that there are not many ways a crook can break into our account without it.

Of course this means that Facebook crooks have devised a number of ways to trick users into handing over their password. Here are 4 of the most popular and how they work.

4. Phishing your password

One of the most popular ways of tricking users into handing over their password is through phishing scams. Such scams are typically orchestrated over either email or chat, where the scammer will pose as Facebook and ask (or demand) that you click a link they send you (usually to “confirm your details” or to “verify your account”; the stories can change depending on the specific scam).

That link will direct you to a spoof Facebook login page that appears – upon a cursory glance – to be the real Facebook login page, but it’s actually on another website altogether. And users not vigilant enough to realise the web address doesn’t actually belong to Facebook will duly enter their login information, which is sent straight to the crook, who now has that victim’s password.
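
The Python example below is added here and is not part of the original article. It performs the check a vigilant user makes on a link's web address: it reads the real host and accepts it only if it is facebook.com or a subdomain, served over HTTPS. The function name `check_login_link` and all sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: facebook.com and its subdomains are the only
# hosts treated as genuine. All sample links below are constructed.
TRUSTED_DOMAIN = "facebook.com"

def check_login_link(url) -> tuple:
    """Return (is_genuine, reason) for a link that claims to lead to Facebook."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "link cannot be parsed"
    if parts.scheme != "https":
        return False, "not served over HTTPS"
    if not host:
        return False, "no host in link"
    # "https://facebook.com@other.example/" goes to other.example, not Facebook.
    if parts.username is not None:
        return False, "text before '@' is not the site; real host is " + host
    # Punycode or non-ASCII labels can render as lookalike letters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "host uses lookalike (non-ASCII or punycode) characters"
    # Match on a label boundary so "notfacebook.com" is not accepted.
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return True, "host belongs to " + TRUSTED_DOMAIN
    if "facebook" in host:
        return False, "brand name appears in the address, but the site is " + host
    return False, "unrelated host " + host

SAMPLE_LINKS = [  # constructed examples, not real phishing indicators
    "https://www.facebook.com/login.php",
    "https://facebook.com.account-verify.example/login",
    "https://facebook.com@login.example/",
    "https://notfacebook.com/",
    "https://xn--fcebook-2fg.com/login",
    "http://www.facebook.com/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        ok, reason = check_login_link(link)
        print("GENUINE" if ok else "SUSPECT", link, "-", reason)
```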


3. Data breaches from other websites

If there is one thing the last decade has taught us, it’s that big companies can suffer big data breaches. Hackers have gained unauthorised access to a number of high profile companies in the recent past, most notably Yahoo and Sony.

This inevitably leads to customer data being stolen from these companies, including customer passwords. Those password and email combinations are often leaked online for any willing cyber-crook to get their digital hands on.

But how does a data breach from a third-party company put your Facebook account at risk? The answer: because a high percentage of online users still reuse the same password and email combination for multiple online accounts.

So while whatever company suffered the data breach may be locking down their security and forcing users to change their passwords, the smart crooks are off testing the leaked email and password combos on other websites, like Facebook.

2. Malware

Urgh, malware. The big problem with malware is that it can potentially do almost anything to your device should it manage to install itself. It can serve up spammy ads, redirect your browser to any website it likes, provide a backdoor for intruders to come and go as they please, encrypt your data …

…Or spy on you. Under the umbrella of spyware we have keyloggers, which can record every key you press and create a report with all of that information. So every time you enter your email and password, it’s being recorded. And then that report containing your password goes straight to the cyber crook.


1. Fake Wi-Fi Networks

When you connect to the Wi-Fi network at the local hotspot, you browse available networks and choose the one you’d like to connect to. Simple. However, what if someone created a fake network using their own router and gave it a similar Wi-Fi name, with the aim of tricking you into connecting to that instead?

Believe it or not, this type of crime is real. And when crooks manage to trick users into connecting to their fake network, they configure their own router to take you to bogus webpages. So when you enter Facebook.com into the browser, you can get forwarded to an unsecured spoof webpage, which steals your data.

Remember, knowing how Facebook crooks operate and how they try to steal your data is an important step towards educating yourself to avoid their schemes.
