Blog 0001

The Facebook Account Cloning Scam
or The Duplicate Facebook Friend Request

(and what to do about it.)

It seems that the "duplicate friend" scam is still going around on Facebook, although a lot of people are getting wise to it and not confirming Friend requests from people they are already friends with. First of all, NOBODY HAS BEEN HACKED! "Hacked" would imply that someone has gotten access to your real Facebook account, and that has NOT happened. This scam just takes advantage of some decisions that Facebook made when they designed their platform: profile pictures and cover photos are always public (you can't change this), and anybody can set up a Facebook account using any name they like, even if someone else already has a Facebook account using that name (they pretty much had to do this, because with millions of users, there are bound to be a LOT of duplicates).

Here's how the scam works: A scammer finds someone whose Friends list is "open" (visibility is Public) -- see how to fix this below. The scammer then steals that person's profile picture and perhaps their cover photo, sets up a new Facebook account using the person's name and those 2 photos, then sends Friend requests to everyone on that person's Friend list. They may steal other information that is public also (High School, employer, etc.) to make the fake account look more realistic, although if you look at one of these fake accounts, they usually seem to steal only enough to make the it look real. Then they can visit the Facebook page of each of the original victim's friends, looking for others whose Friends list is Public, rinse and repeat, as they say. If the original victim's friends Confirm the friendship, then the scammer has access to all THEIR friends also. In this way they can spread the scam to a LOT of people. They may even have this process automated. Note that NOBODY'S ACCOUNT HAS BEEN HACKED! The scammers are just taking advantage of some people who have been a bit careless, and of the way Facebook works. Why do scammers do this? A couple of possibilities:

Companies pay for "Likes" on Facebook pages/posts, so the scammers may be able to pass off these fake accounts as real, since they look fairly real at first glance. Facebook also may have some controls that keep the scammers from creating too many fake Facebook accounts in other ways.
The scammers may send spam advertisements, offers, etc. directly to the people who fall for this scam. These could include links, which might install viruses, or just be an easy way to do "click fraud" (since advertisers pay web sites for clicks). etc.

Now, what to do about the "account cloning" or "duplicate friend" Facebook scam. Unfortunately, once this happens, there's not a lot you can do about it. Here's a few recommendations, though: First, if you get a Friend request from someone you think you might already be friends with, check your Friends list, and if you are already friends, Delete the friend request and report it to Facebook as spam.

If you discover that your friends are getting duplicate Friend requests that appear to come from you, you might want to change your Profile picture and Cover photo.

And here's how to set the visibility on your Friends list so it will be harder for the scammers to do their scam: On a computer, click on the small down-arrow (top right in the blue bar at the top of your Facebook page), then click "Settings". On the left of the Settings page, click Privacy. You should see a setting for "Who can see your friend list?". Click "Edit" next to that and then select "Only me" from the pulldown that appears.

Changing this setting from a phone or tablet is similar. On my iPad, there is a down-arrow next to my name in the blue bar at the top of the screen. Touch the down-arrow, select "Settings", then touch "Privacy".

This won't help too much if any of your friends have their setting wrong, or if your account information has already been stolen, but at least it may help prevent future attacks. NOTE THAT YOUR ACCOUNT HAS NOT, I REPEAT NOT BEEN HACKED! Hope this helps..

The Facebook Account Cloning Scam or The Duplicate Facebook Friend Request (and what to do about it.) It seems that the "duplicate friend" scam is still going around on Facebook, although a lot of people are getting wise to it and not confirming Friend requests from people they are already friends with. First of all, NOBODY HAS BEEN HACKED! "Hacked" would imply that someone has gotten access to your real Facebook account, and that has NOT happened. This scam just takes advantage of some decisions that Facebook made when they designed their platform: profile pictures and cover photos are always public (you can't change this), and anybody can set up a Facebook account using any name they like, even if someone else already has a Facebook account using that name (they pretty much had to do this, because with millions of users, there are bound to be a LOT of duplicates). Here's how the scam works: A scammer finds someone whose Friends list is "open" (visibility is Public) -- see how to fix this below. The scammer then steals that person's profile picture and perhaps their cover photo, sets up a new Facebook account using the person's name and those 2 photos, then sends Friend requests to everyone on that person's Friend list. They may steal other information that is public also (High School, employer, etc.) to make the fake account look more realistic, although if you look at one of these fake accounts, they usually seem to steal only enough to make the it look real. Then they can visit the Facebook page of each of the original victim's friends, looking for others whose Friends list is Public, rinse and repeat, as they say. If the original victim's friends Confirm the friendship, then the scammer has access to all THEIR friends also. In this way they can spread the scam to a LOT of people. They may even have this process automated. Note that NOBODY'S ACCOUNT HAS BEEN HACKED! The scammers are just taking advantage of some people who have been a bit careless, and of the way Facebook works. Why do scammers do this? A couple of possibilities: Companies pay for "Likes" on Facebook pages/posts, so the scammers may be able to pass off these fake accounts as real, since they look fairly real at first glance. Facebook also may have some controls that keep the scammers from creating too many fake Facebook accounts in other ways. The scammers may send spam advertisements, offers, etc. directly to the people who fall for this scam. These could include links, which might install viruses, or just be an easy way to do "click fraud" (since advertisers pay web sites for clicks). etc. Now, what to do about the "account cloning" or "duplicate friend" Facebook scam. Unfortunately, once this happens, there's not a lot you can do about it. Here's a few recommendations, though: First, if you get a Friend request from someone you think you might already be friends with, check your Friends list, and if you are already friends, Delete the friend request and report it to Facebook as spam. If you discover that your friends are getting duplicate Friend requests that appear to come from you, you might want to change your Profile picture and Cover photo. And here's how to set the visibility on your Friends list so it will be harder for the scammers to do their scam: On a computer, click on the small down-arrow (top right in the blue bar at the top of your Facebook page), then click "Settings". On the left of the Settings page, click Privacy. You should see a setting for "Who can see your friend list?". Click "Edit" next to that and then select "Only me" from the pulldown that appears. Changing this setting from a phone or tablet is similar. On my iPad, there is a down-arrow next to my name in the blue bar at the top of the screen. Touch the down-arrow, select "Settings", then touch "Privacy". This won't help too much if any of your friends have their setting wrong, or if your account information has already been stolen, but at least it may help prevent future attacks. NOTE THAT YOUR ACCOUNT HAS NOT, I REPEAT NOT BEEN HACKED! Hope this helps..
Blog Index
Back to home page