Very technically, the answer is yes! Facebook Messenger can help facilitate one of the most potent and successful forms of hacking: phishing.

Hi, I’m Aaron. I’m a cybersecurity professional who believes cybersecurity is most greatly promoted by education and awareness. 

In this article, we’ll cover what phishing is and how it happens through Facebook Messenger. We’ll conclude by discussing how to be aware of and avoid phishing. 

Key Takeaways

  • Phishing is a kind of attack that relies on trust, built through electronic messaging, to gain information or account access, or to steal money. 
  • Facebook Messenger facilitates phishing attacks because of what the platform is intended for. 
  • Avoid phishing by not engaging. 
  • If you feel the need to engage, be very careful with the information you provide. Never provide your account information.
  • You should also refrain from clicking web links unless you’re absolutely sure that the link is legitimate. 

Phishing and How It Happens

Phishing is a confidence scheme delivered electronically. That means it’s a kind of fraud perpetrated through electronic messaging where a scammer or hacker tries to get you to provide information or money or download malware.  

Typically, phishing works because it takes advantage of the human propensity for trust, greed, or urgency. Most kinds of phishing mix two or three of those elements. 

A scammer will pretend to be someone you would provide your account or personal information to. Alternatively, they can pretend to be someone from whom you would download a file. That could be an online friend, acquaintance, or a business representative.

The scammer will either try to entice you to act because you’ve won something or will gain some other kind of benefit or payment. Alternatively, the scammer can appeal to urgency and suggest that you’ll lose your account or face some other kind of penalty. 

Phishing is one of the most common forms of cyberattack. It’s so common because it’s so successful. 

How Facebook Messenger Helps Phishing

Facebook Messenger is an online chat service. Its function is to connect people through common interests, friendships, identity, or whatever other reason people have for being friends on Facebook. 

Where phishing relies on establishing trust, Facebook Messenger lubricates that process. Someone reaching out to you on Facebook Messenger has a reason to do so, and you have a reason to read their message. 

Because you anticipate a connection going in, you’re more likely to form that connection and provide the scammer with what they want. 

How to Protect Yourself from Phishing

Protecting yourself from phishing is hard. You need to subvert your own expectations and behave contrarily to how you’d instinctively behave. Scammers and hackers are also really good at phishing; they’ve honed their craft because they’re greatly incentivized to do so. 

Here are some tips to stay safe online…

1. Don’t Engage

This is the best and most effective advice. If you don’t engage with a scammer, you won’t be scammed by that interaction. So, if you receive an unexpected message out of the blue, don’t respond to it. 

Scammers can be persistent. They can also suggest something bad will happen if you don’t respond. 

If you get one of those suggestions and the source appears to be legitimate because it’s someone you know or a business, independently verify with them. Call or otherwise contact the person or business. Businesses publish contact information publicly online. 

Validate the request or message. If it’s legitimate, deal directly with the person or business and don’t engage through Facebook Messenger unless they specifically instruct you to do so. 

If you decide to engage…

2. Don’t Give Personal Information

Scammers may ask you for private personal information, financial account information, or other account information. Don’t provide any of that, especially not over Facebook Messenger. 

The exception is when you’re absolutely certain that you can and should because the person you’re talking to is legitimate and trustworthy. For example, if you’re making plans with friends and they ask for your phone number or other contact information.

You should also…

3. Never Click Links

Scammers will try to take you off Facebook Messenger to input your account or other personal information into a website. They may also drive you towards a file download which, in turn, can deploy malware on your computer. 

Don’t click links in Facebook Messenger unless they’re expected and you believe them to be completely legitimate. Even then, be careful when opening files or inputting information on a third-party website. Verify the web address or URL. 
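To show what verifying the web address means in practice, here is an added Python example (not part of the original article) that checks which site a link really leads to before you open it. The list of expected domains and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sites you actually expect a Facebook-related link to go to.
EXPECTED_DOMAINS = {"facebook.com", "messenger.com"}

def check_link(url, expected=EXPECTED_DOMAINS):
    """Return (verdict, reasons) for a link received in a chat message."""
    reasons = []
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        ascii_host = host.encode("idna").decode("ascii")
    except ValueError:  # malformed URL or host (UnicodeError is a ValueError)
        return "suspicious", ["address cannot be parsed"]
    if not ascii_host:
        return "suspicious", ["no host name in address"]
    if parts.scheme != "https":
        reasons.append("not https")
    # Everything before an '@' is login data, not the site being visited.
    if parts.username is not None:
        reasons.append("text before @ is not the real site")
    # Non-Latin look-alike letters show up as 'xn--' once converted to ASCII.
    if any(label.startswith("xn--") for label in ascii_host.split(".")):
        reasons.append("look-alike (internationalized) characters in name")
    # The real site is decided by the END of the host name, not the start.
    if not any(ascii_host == d or ascii_host.endswith("." + d) for d in expected):
        reasons.append("host " + ascii_host + " is not an expected site")
    return ("ok" if not reasons else "suspicious"), reasons

# Constructed sample links (example.* names are placeholders).
SAMPLES = [
    "https://www.facebook.com/login",
    "https://facebook.com.account-verify.example/login",
    "https://facebook.com@login.example/recover",
    "http://www.facebook.com/",
    "https://faceb\u043eok.com/",  # Cyrillic 'о' instead of Latin 'o'
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, why = check_link(link)
        print(f"{verdict:10} {link!r} {'; '.join(why)}")
```

An "ok" verdict only means the address points at a site you expected; it says nothing about whether the message itself was sent by who it claims to be.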

Finally, remember…

4. The Less Information You Provide The Better

You want to make sure you don’t ever divulge too much personal information online, especially with people you don’t personally know. The more information someone has, the easier it is to impersonate you or guess your account information. 

Under no circumstances should you share username and password information online unless you’re logging into a website you absolutely know to be legitimate. Once a scammer or hacker has your username and password, they can log in and take over your account. 


Here are some answers to popular questions related to hacking through Facebook Messenger. 

What are the Signs that Your Messenger is Hacked?

Atypical information and behavior. The most atypical sign is not being able to access Messenger at all. But if you do log in and see unexpected conversations, then you may be hacked. 

What Happens if You Reply to a Hacker on Messenger?

Nothing, unless you provide information or click a link. The less you engage, the better. If you don’t provide personal information or account information, or click links that go off Messenger, you’ll be fine and it’s just a conversation. 

Can Someone Hack Your Account by Replying to a Message?

No. Simply replying to a message doesn’t result in you getting hacked. You need to engage further by providing personal information or account information, or by interacting with links. 


You can be phished through Facebook Messenger, which is a method of hacking you personally to hack your accounts or devices. It’s really tough to tell phishing from legitimate interactions sometimes. As long as you refrain from providing too much information or interacting with web links, you should be mostly safe.

Do you have any examples of phishing you identified? Let me know about it in the comments below!