“If you’ve received a friend request from me, please don’t accept it – I’ve been hacked!”– one of your facebook friends
I’m sure we’ve all seen this, or something similar, posted by a friend on facebook at one time or another. Typically, this happens a few hours after you receive a friend request from someone you thought you were already facebook friends with.
Let’s clear this up though – your friend’s facebook account hasn’t actually been “hacked”. What’s happened is that a scammer has “cloned” their facebook profile.
What is a “cloned” facebook profile?
A “cloned” facebook profile is when a malicious scammer sets up a new facebook account, and makes it look as close to your facebook account as they can.
Even if you’re not friends with someone on facebook, provided they’ve not “blocked” you, you can still their name, profile picture, and header image, and in many cases who you’re friends with too.
So a scammer finds your facebook profile, saves your profile and header images to their computer, and uploads them to a new facebook account they’ve created. They also set their name to be the same as yours.
Next, the scammer looks through your facebook friends list and sends a friend request to each.
Your friends then receive a new friend request seemingly from you (despite them already being friends with you on facebook), and because their name and profile picture look right, you may be tempted to accept their friend request.
So my account hasn’t been hacked?
No, the only information the scammer can see is what any member of the public sees when viewing your facebook profile. The scammer does not have access to your facebook account, and so changing your password won’t make any difference. The scammer is actually targeting your facebook friends, rather than you personally.
What are the scammers trying to achieve?
So what are these scammers actually trying to achieve? Well, they’re trying to gain your friend’s trust by fooling them into thinking that they are you. Usually the scammers ultimate aim is to trying and scam money out of your friends.
Typically if your friends accept this friend request, then at some time later – it may be the same day, but equally it could be several days later – the scammer pretending to be you will send your friends a message through facebook.
They’ll initially ask your friend how they are, and break the ice with some small talk, before then trying to scam money out of them by preying on their caring and compassionate nature.
As an example, the scammer (pretending to be you) may tell your friends that they’re currently on holiday, but have just been robbed and had their wallet stolen, and now have no money, and so can you (being the good friend that you are) wire them some emergency cash so they can get home, and they’ll pay you back once they’re back.
….don’t fall for it!!
Is there anything I can do to stop my facebook profile from being “cloned”?
Actually, there is!
Whilst you can’t stop anyone from seeing (and saving) your name, profile picture, and header image on facebook, scammers have little to gain by “cloning” a profile that they can’t see the person’s friends list for!
So it’s worth considering changing who can see your friends list on facebook.
You’ll find this setting via Settings & Privacy → Privacy → How People Find and Contact You.
Under “Who can see your friends list?”, make sure this isn’t set to “Public“. At a minimum it should be set as “Friends“, meaning only those people you’re actually friends with on facebook will be able to see your friends list. A setting of “Only me” will prevent anyone other than you from seeing who you’re friends with on facebook.
Making this one simple change can greatly reduce the chance of your facebook profile being “cloned” by a scammer.