Your first mistake was answering the phone when you don't know who it is. Never answer the phone, always wait and return a message. Always assume it's bull**** wanting money.
Say this with respect, but our Savior needs a serious hardware upgrade. I know he appreciates vintage wares, but just... no. Jesus, no.
You should keep trying the number till you get a response. I once got an email from a Nigerian prince and things have never been the same since I responded.
Yeah, they send a sign-in notice to your email if a computer signs in from an unknown location. They don't call.
Facebook never calls anybody and you really can't call them unless you have connects and some determination or very specific questions on ad spend. They don't even make themselves very available for inbound calls from major ad accounts--doing outbound for random accounts doesn't seem plausible. If that person calls back, f**k with them and ask them if they're on the Facebook security team. If yes, congrats, confirmed sketcher/scammer. You could then ask how they hash passwords, and what process they went through with the Adobe leak to discover vulnerable passwords to put that person in a tight spot. or just proceed with general f**kery. "What is your CPU core Blazit-Gamut Index?" "What Python module do you use to grave the diggits?" <--tech aside--> FWIW, the algorithmic approach to detecting repeated invalid login attacks in my mind is either a high failure rate on two-factor authentication calls (though how many users actually use Login Approvals is an open question) or a range of IP addresses that historically have nothing to do with your account suddenly racking up a whole bunch of missed hits on your account. Google dashboards those attempts for you and lets you determine what constitutes invalid attempts. Facebook plausibly has a similar way of detecting attempted account brute-force attacks but a) has enough encryption to know it'll be pure brute-force and b) are smart enough to set an automated flow for the thousands to millions of users going through those conditions that doesn't involve escalating to calls. Also, there is no Facebook office in Port Arthur. all said, don't trust those who call you from any major tech company unless you're a major API user, or a major ad account. anybody who claims to do so deserves to be ignored or f**ked with depending on your preferences. <--aside over-->
