Malicious coders of the world try to gather Facebook usernames and passwords through many different means, including sending out scam emails that claim a password reset has taken place and offering to provide the new password. If you've received a password-reset email allegedly from Facebook, it's a good idea to be very wary of following the instructions in it.
If you forget your Facebook username or password, you can use online tools to request a password reset. Facebook will send an email to the address you have on file and allow you to click a link that will reset your password and let you log in again. If someone else enters your email address, thinking it's his own, then you would still get the reset email from Facebook. If that happens and you didn't initiate the password reset request, simply ignore the email and don't click on the link.
If you get an email asking for your Facebook password it is a scam. Facebook won't ask for your password via email. Whoever sent you the email is posing as Facebook support to try to gather your personal information and log in to your Facebook account. Even if the email appears to be from Facebook you can know that it's not if it asks you to provide any personal information via email.
Another way that Facebook password scams attempt to gather your information is through malware -- malicious software -- that they try to get you to run on your computer. In one scam, the malware is a file attached to an email; the message claims that your Facebook account password has been changed for security measures and the new password can be found in the attached document. Just like with phishing attacks, Facebook won't send your password via email and they won't assign you a password without asking you first.
If you do receive an email that appears to be from Facebook you can always check to see if it actually came from the company itself by looking at the email address. The part of the email address that's most important is the domain name -- the part that follows the @ sign. If it shows "facebook.com" at the very end of the email address then the email has come from Facebook, but if anything else comes after that, then the email is suspect. For example the email might come from an address of firstname.lastname@example.org. In that case the website "helpfiles.ru" has added "facebook.com" as a part of the email address, but the true source is "helpfiles.ru." If you have any doubt about the source of the email, don't click on the link; instead, open a new browser window, go directly to Facebook.com and log in that way to get any help with your account.
- Dan Kitwood/Getty Images News/Getty Images