Do NOT EVER click on an unsolicited link in FB Messenger from one of your friends or family. Ever! If you get a link, call this individual and ask them if they sent it. One of my friends clicked on a link and he lost control of his FB account. Case in point. I started chatting with a friend of mine over a period of two weeks. Just chatting about life. His responses were reasonable. He wanted to show me a gold/oil investment thing he was doing. I thought it was legit because it came from him. I signed up but did not provide any banking information. Then he wanted to walk me through making an investment but I was slammed and did not have the time. Then he messaged me and asked me for my number because he lost it. Keeping in mind he is in New Mexico, I kept getting calls from an Arkansas number. I called it back and it went to a Google number. A man answered who was obviously from overseas and I hung up.
I then did a GoDaddy Whois to find out who owned the domain and where it was hosted. The ownership was private but I reached out to the hosting company in NIGERIA and reported this investment site as a scam and they promptly took it down. They gave me the name of the account holder, which I gave to the FBI. They reached out to the hosting company and deleted all of this individuals accounts, over 100. After I trashed this guy, he deleted my friend’s account.
Lastly, there is a difference between being hacked where you lose control of your FB account and being spoofed where somebody sets up a duplicate account, as you, to scam your friends.
Hacking means they have your user/password. They get this from you clicking on a link, unless this data is in the dark web. They go in and change your e mail address and password and then just chit chat with you until they either need money for an emergency or want to present you with a business opportunity. Because they have control of your Facebook account, they will look at your chat history to develop a profile on you to make it seem like you are chatting with a friend. and will eventually try to scam you.
Spoofing is where somebody creates a duplicate profile on accounts where your friends list is public. They send friend requests to this public list trying to get them to like this profile so they can eventually try to scam you. Keep your friends list private or at least only sharable with your other friends.
Think about it. You already have this individual as a friend and they are sending you another request? Look at the profile and then reach out to your friend through their real account to confirm. When you are on this fake account, over to the right, you will see three black dots in a grey box. You can report this profile to Facebook as a fake account.
Privacy. You may not know this, but even if you do not have Facebook up on your computer or phone, unless you are signed out of Facebook, they are tracking your browsing for data they can use in their marketing. The ads you see when you are on Facebook. Lastly, use DuckDuckGo as your browser unless you want Bing and Google to use your browsing data to direct ads to you.