Here are a few things you can do to keep your account safe:
Think before you click. Never click suspicious links, even if they come from a friend or a company you know. This includes links sent on Facebook (ex: in a chat or story) or in emails. If one of your friends clicks a spam link, they could accidentally send you or tag you in spammy posts. You also shouldn't download things (ex: a .exe file) if you aren’t sure what they are. Learn more about recognizing suspicious emails.
Watch out for fake Pages and apps/games. Be suspicious of Pages promoting offers that are too good to be true. If in doubt, check to see if a Page is verified. Also be mindful when you install new apps or games. Sometimes scammers use bad apps and games to gain access to your Facebook account.
Don't accept friend requests from people you don't know. Sometimes scammers will create fake accounts to friend people. Becoming friends with scammers allows them access to spam your Timeline, tag you in posts and send you malicious messages. Your real friends may also end up being targeted.
Pick a unique, strong password. Use combinations of at least 6 letters, numbers and punctuation marks and don't use this password for any of your other accounts. You can also use a password safe like LastPass, KeePass or 1Password to set and remember unique passwords for your account. Learn how to change your password.
Never give out your login info (ex: email address and password). Sometimes people or pages will promise you something (ex: free poker chips) if you share your login info with them. These types of deals are carried out by cybercriminals and violate the Facebook Statement of Rights and Responsibilities. If you're ever asked to re-enter your password on Facebook (ex: you're making changes to your account settings), check to make sure the address of the page still has facebook.com/ in the URL (web address).
Log in at www.facebook.com. Sometimes scammers will set up a fake page to look like a Facebook login page, hoping to get you to enter your email address and password. Make sure you check the page's URL before you enter your login info. When in doubt, you can always type facebook.com into your browser to get back to the real Facebook.
Update your browser. The newest versions of internet browsers have built-in security protections. For example, they might be able to warn you if you're about to go to a suspected phishing site. Facebook supports: