That 'Facebook Protect' notification is real — here's what you need to know
It only looks like a total phishing scam
Many Facebook users are getting messages and alerts that they need to upgrade their accounts to something called "Facebook Protect" — or risk being locked out of Facebook altogether.
"Your account requires advanced security from Facebook Protect" reads the subject line of an email message spotted by Android Police. The message goes on to say that Facebook Protect must be turned on by March 17 or "you will be locked out of your account until you enable it."
This may sound like a phishing scam, but it isn't. Facebook really is forcing some users to upgrade the security on their accounts, chiefly by activating two-factor authentication (2FA). Facebook Protect also adds "back-end threat detection so our teams can quickly respond to compromise attempts," as Facebook/Meta head of security Nathaniel Gleicher said in a series of tweets Tuesday (March 1).
Hey Mike -- thanks for flagging. Confirming that it’s an enrollment notice from us. You can also enroll by following the steps in the top-of-the-feed prompt or in your Privacy/Security settings on Facebook.March 1, 2022
Facebook Protect, launched in 2018, was originally meant to be used by political "candidates, their campaigns and elected officials," as a Facebook paper explaining the feature states.
Now it's being expanded to political activists and journalists, as a Meta blog post authored by Gleicher back in December said. At that time, 1.5 million accounts had already enrolled in Facebook Protect.
If you get such a message, there's an embedded button that takes you to the spot in your Facebook account settings where you can enroll in Facebook Protect.
Granted, all of this really does sound like a phishing scam. As a rule, we advise people not to click on links embedded in email or social-media messages. It's also possible that real crooks may now send out fake Facebook Protect notifications as part of real phishing scams.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Fortunately, eligible Facebook users can manually enroll in Facebook Protect. According to Nikki Rudd at WHEC-TV in Rochester, N.Y., you just need to follow these steps in a web browser after logging into your Facebook account.
How to enable Facebook Protect
- Click Account at the top right of the Facebook web page
- Click Settings & Privacy in the drop-down menu
- Click Settings in the next page of the drop-down menu
- Click Security and Login in the left-hand navigation bar
- Scroll down to Facebook Protect and click Get Started
- Click Next on the welcome screen
- Click Next on the Facebook Protect benefits screen
Like Rudd, a fair number of other U.S. TV news reporters are getting the new wave of notifications, to judge by several local-TV pieces from the past few days.
"Your account has the potential to reach a lot more people than an average Facebook user," reads a sample notification posted by Android Police. It adds, "Facebook Protect isn't available for everyone ... We require stronger security for your account because it has the potential to reach a large audience."
That smacked some Twitter users as unfairly exclusionary.
Why aren't the common people allowed the same option to protect their account? It would be nice to know my account had just as must protection as the next account!March 2, 2022
However, you can turn on most of the benefits offered by Facebook Protect simply by activating Facebook's two-factor authentication option.
How to enable Facebook's two-factor authentication
- Click Account at the top right of the Facebook web page
- Click Settings & Privacy in the drop-down menu
- Click Settings in the next page of the drop-down menu
- Click Security and Login in the left-hand navigation bar
- Scroll down to Two-factor authentication and enable it
The easiest way to receive 2FA one-time-use codes is via SMS text messages, but it's also the method that's most likely to have 2FA codes intercepted by hackers.
We recommend instead installing a free authentication app, such as Authy or Google Authenticator, on your smartphone, which will generate 2FA one-time-use codes right on your phone. Even safer are USB security keys, but you have to buy those before you can use them.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.