How to Check Legitimate Email from Facebook

How to Spot Legitimate Email from Facebook

I unexpectedly received an email notification containing an account recovery code from Facebook, despite not initiating any account recovery process. In this article, I will share my personal encounter with this unusual email and share insights on how to handle such situations.

The Unexpected Account Recovery Code:

One evening, while going through my inbox, I noticed an email with the subject line, “Facebook Account Recovery Code.” Curiosity and a hint of anxiety filled my mind as I wondered why I had received such a message. The email’s content consisted of a recovery code and instructions to enter it on the platform to regain access to my account. This bewildered me because I had not made any account recovery requests.

1. Take a Deep Breath:

My initial reaction was to panic, thinking that someone might have gained unauthorized access to my Facebook account. However, I took a deep breath and reminded myself to stay calm and think rationally. Reacting impulsively to such situations can lead to hasty decisions and potential security risks.

2. Verify Recent Account Activity:

Before taking any further steps, I logged into my Facebook account using the official app and checked my recent account activity. To my relief, there were no suspicious logins or unauthorized access attempts recorded. This provided some reassurance that my account was secure at that moment.

3. Avoid Clicking on Links:

Despite the temptation to click on the link provided in the email to understand the situation better, I refrained from doing so. Clicking on unfamiliar links in unexpected emails could lead to phishing attempts or malware infections. It’s essential to prioritize safety and avoid interacting with suspicious elements.

4. Reach Out to Facebook Support:

Given the sensitivity of the situation, I decided to contact Facebook support directly to inquire about the email’s legitimacy. Facebook provides a dedicated support system where users can report potential security concerns and get assistance. After explaining my situation, they promptly verified that the email I received was indeed a legitimate account recovery code from their system. They clarified that this code was generated due to a security measure they implemented to protect users’ accounts proactively.

5. Enable Two-Factor Authentication (2FA):

To further enhance the security of my Facebook account, I took the opportunity to enable two-factor authentication (2FA). This additional security layer requires users to enter a code sent to their registered mobile number whenever they log in from an unfamiliar device or location. Enabling 2FA provides an extra level of protection against unauthorized access to your account.

This is the actual email I received, coming from security@facebookmail.com.

Note: Don’t click anything; it could be a phishing link.

If you are using a laptop or desktop, you can see the link by hovering over the Change Password button (don’t click it); this reveals the destination of that link.

The link will show at the bottom left of the browser window. Check whether the domain is a legitimate Facebook domain: https://www.facebook.com/
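An added example (not part of the original post): the same domain check done in code on a saved copy of the message, listing every link target and whether its host is facebook.com or one of its subdomains. The sample message, the `.example` hosts and the function names are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for this example: only facebook.com and its subdomains count as Facebook.
TRUSTED_DOMAINS = ("facebook.com",)

def is_trusted_link(url):
    """True only for https links whose host is a trusted domain or a subdomain of one."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    # .hostname drops any "user@" prefix and the port, and lower-cases the host.
    host = (parts.hostname or "").rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

class _HrefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def audit_links(raw_email):
    """Return (url, trusted) for every <a href> in the HTML parts of the message."""
    collector = _HrefCollector()
    for part in message_from_string(raw_email).walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True)
            collector.feed(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return [(u, is_trusted_link(u)) for u in collector.hrefs]

# Constructed sample message: one genuine link and three that only look like Facebook.
SAMPLE = """\
From: Facebook <security@facebookmail.com>
Subject: Facebook Account Recovery Code
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<a href="https://www.facebook.com/recover/">Change password</a>
<a href="https://www.facebook.com.account-check.example/recover">Change password</a>
<a href="https://www.facebook.com@login.example/recover">Change password</a>
<a href="http://www.facebook.com/recover/">Change password</a>
"""

if __name__ == "__main__":
    for url, ok in audit_links(SAMPLE):
        print("OK     " if ok else "SUSPECT", url)
```

The check compares the end of the host name, not whether the text "facebook.com" appears somewhere in the URL, which is the same thing to look for when reading the hover preview by eye.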

How to verify if security@facebookmail.com (Facebook) sent this email?

1. Click your profile icon and go to Settings & Privacy.

2. Click Settings.

3. Click Password and Security.

4. Under Account settings, click the Password and Security option.

5. Under Security Checks, there is an option to check recent emails from Facebook; click that.

6. There are two options, Facebook and Instagram. You can check both, but in this tutorial we will choose a Facebook profile.

7. Under the Security tab, we will see that Facebook has not sent any email in the past 2 weeks.

But how can we really be sure that security@facebookmail.com is a legitimate Facebook address? We can trigger the forgot-password flow ourselves and check whether the recovery code sender is the same as this email’s sender (security@facebookmail.com).

1. Log in to Facebook but enter a wrong password.

2. Facebook will report the wrong credentials. Click Forgot Password.

3. Enter the email address that is connected to your Facebook account and click Search.

4. Click Continue to receive the code in your email.


The email sender is Facebook and is legit. Someone knows my email and is trying to access my Facebook account; that’s why I decided to change my password and log out of all sessions on my devices, to make sure that the hacker can’t access my account.

The unexpected Facebook account recovery code email taught me a valuable lesson in staying vigilant while using online platforms. It is essential to maintain a composed approach when encountering unfamiliar situations. Verifying recent account activity, refraining from clicking on suspicious links, and reaching out to official support channels are crucial steps in ensuring account security.

While the email I received turned out to be legitimate, it underscored the importance of maintaining strong security practices, such as enabling two-factor authentication. By taking proactive measures and staying informed, we can better protect ourselves from potential security threats and enjoy a safer online experience. Remember, prioritizing security and being cautious can go a long way in safeguarding your digital presence.