Facebook is asking more people to turn on Facebook Protect or risk a locked account

Android Police

By Ryne Hager

Published Mar 1, 2022

The company has confirmed the notices are real and customers should enroll

Many people are getting emails today which appear to be from Facebook, asking them to turn on Facebook Protect (with a handy link to the setting) or risk being locked out of their accounts. Security-savvy folk may be whispering "phishing attack" already, but Facebook confirms that the emails are real, and it's asking highly targeted Facebook users like journalists to enable the feature, using email to send notices to those who don't use the platform as often.

If you aren't aware of the feature, Facebook Protect is an extra level of security that can be enabled for higher-risk accounts, encouraging them to enable features like two-factor authentication and other settings that can be changed to make an account more secure. Facebook says that accounts with "the potential to reach lots of people may require stronger security" may be required to enable the feature, as the wave of emails today seemingly targeting journalists and other people of influential positions implies. Reports on Twitter indicate a lot of people got an email from Facebook asking them to enable the feature today.

The email some customers are recieving.

At first, some thought that the emails were part of a phishing attack, though there were corroborating details like an actually-from-Facebook email address (which can be spoofed). The unsolicited nature of the emails paired with a nebulous account-disabling warning seemed suspicious to many, but Meta's head of security policy Nathaniel Gleicher has confirmed that the emails are legitimate on Twitter:

Given current events in Ukraine and Facebook's recent crackdown on journalist-tied Facebook accounts, it's an understandable move. But some of those that have received the email, like TechCrunch's Mike Masnick, note that a manual account security check does not return any notifications for account-related issues. Facebook's own dashboard regarding security emails also makes no note of these communications.

Multiple folks at Android Police, including Cody Tombs and Daniel Bader, have received the same email. But not all of those receiving the email are seeing other prompts on the platform or a "top of the feed" notice to enable Facebook Protect, as one might expect and as Facebook claims.

This seemingly wider rollout of emails asking customers to enable the feature might be legit, but Facebook's communications strategy surrounding it hasn't been particularly good, especially considering that the very group these messages are targeting are the sort of people most trained to spot phishing attacks and other unsavory behavior — not that transparency has ever been Facebook's forte.

If you are among those that received the emails today, we can confirm they're legit. If you're still concerned, though, you can manually enable the same features directly at Facebook's site. That should escape any account-locking measures in any event, and enabling two-factor authentication is always a smart idea.