Fake Facebook support scams work because they catch people at a vulnerable moment: you are locked out, hacked, or panicking about a disabled account. Scammers use search ads, cloned pages, and convincing "support" language to get you to call a phone number or install remote access software. Once they have that foothold, they can take money, take accounts, or both.
If you already called or installed something
| What happened | Do this first | Why |
|---|---|---|
| You called a number and shared login details or codes | Change passwords from a known-good device and secure the email inbox that can reset Facebook. | Codes and passwords are enough to take the account immediately. |
| You installed a remote access app or let someone control your device | Disconnect the device from the network, remove the app, and assume the device is compromised until validated. | Remote access can enable session theft, banking fraud, and persistent compromise. |
| You paid (gift cards, wire, crypto, card payment) | Contact your bank or card issuer quickly and preserve all receipts and chat logs. | Some payment types are time-sensitive for dispute options. |
| You only visited a page and did not interact | Do not revisit the page. Check your real account notifications directly inside Facebook. | The scam relies on repeated engagement and urgency. |
Safety note: never install "support" apps, browser extensions, or screen-sharing tools because a stranger told you to. That is a standard takeover move.
How this scam usually reaches victims
Most victims do not start by searching for "scam". They search for help: "Facebook account hacked", "Facebook disabled", "Facebook support", or "recover Facebook". Scammers buy ads for those searches or publish pages designed to rank in results. The ad or page looks legitimate, then funnels the victim to a phone number or a fake support workflow.
The key insight is that the scam is not about Facebook as a platform. It is about controlling the moment where you need recovery help. That is why similar scams exist for Google, Apple, Microsoft, and banks.
What scammers ask for (and why it is dangerous)
- Password resets and verification codes: these give direct access.
- Remote access: this bypasses many protections by letting the attacker operate as you.
- Payment to "unlock" or "verify" the account: the payment is the product, not the recovery.
- Personal documents sent to a stranger: these increase identity theft risk and enable follow-on scams.
If you want a general model for these fraud patterns, the FTC describes common tech support scam mechanics here: tech support scams (FTC).
How to get real help safely
When you are locked out or hacked, use the official, in-app recovery paths and the official help center. Avoid phone numbers in comments, DMs, popups, or sponsored search results. If a "support" contact found you first, assume it is hostile until proven otherwise.
Use these internal recovery playbooks for Meta incidents:
- what to do if your Facebook is hacked
- unexpected Facebook password change email
- signs your Facebook has been hacked
If you gave remote access: containment steps that matter
Remote access incidents are not only about Facebook. Treat them like a device compromise:
- end the remote session immediately and uninstall the remote tool
- check for unknown device management profiles or accessibility permissions
- change passwords from a separate, known-good device
- review financial accounts for new payees and transfers
- preserve evidence (screenshots, phone numbers, receipts) before wiping anything
If you want a broader first-response checklist that applies to many situations, use the "been hacked? take these steps immediately" guide. If you are tempted to pay someone who claims they can "hack" the account back, do not. That is a common follow-on scam: do not hire a hacker.
Reporting the scam
Reporting helps, but do it safely. Use official reporting portals and include evidence. The FTC reporting portal is here: ReportFraud.ftc.gov.
Most people want a single definitive fix. The reality is a safer routine: use official recovery paths, keep your inbox and phone recovery channels strong, and treat unsolicited "support" contact as an attacker until proven otherwise. When you slow the decision down and verify the channel, these scams lose their leverage.
Over time, resilience looks simple: you type official URLs directly, you avoid sponsored "support" results, and you never give strangers control of your device. That discipline prevents a stressful lockout from turning into a second incident that is harder to undo.
