The easiest way your Facebook account is compromised is by tricking you into giving the hackers your password. You may get a notification on Messenger from a friend on Facebook, saying something like “Did you see that picture! OMG” with a link for you to click on.
You click on it.
It looks like Facebook, but suddenly you’re being asked to enter your log in again information again. You don't think twice about it and you type in your email and password.
The problem is that the website that you just gave your password to isn’t actually Facebook.com, and now they have your current password.
The best way to avoid this is to follow the steps below.
1. Turn on two-factor authentication
2. Run a security check in your Facebook account
3. Enable alerts about unrecognized logins
4. Update the email address associated with your account
5. Change your password periodically
6. Check the apps that have access to your Facebook account on a regularly basis. If you recognize an app but you haven’t used it in a while and you don’t think you’ll need it — delete it.
If something LOOKS off or it seems weird, it is! — don’t give them your password!