As another confusing message spreads, we look at Facebook privacy, cloning, and hacking
Here’s an edited version of a post about Facebook account cloning I posted last year (2017) which has been getting a lot of hits recently.
Heads-up!! Almost every account is being cloned. Your picture and your name are used to create a new Facebook account (they don’t need your password to do this). They want your friends to add them to their Facebook account. Your friends will think that it’s you and accept your request. From that point on they can write what they want under your name. I have NO plans to open a new account. Please DO NOT accept a 2nd friend request from “me”. Please forward to all your contacts.
Clearly this is the Facebook equivalent of a chain letter, but that doesn’t necessarily mean it isn’t true, does it?
Well, it’s certainly true that Facebook accounts do get cloned, but it doesn’t happen as regularly as this implies. Snopes – always a good resource for checking potential hoaxes and chain messages – classifies it as ‘partly true’ and includes this and three other examples of the messages that have circulated. David Mikkelson also points out that it’s far from new and doesn’t entail real ‘hacking’.
Clearly, this article was mostly focused on a warning that was widely circulated on Facebook for some time, rather than on the mechanics of cloning. However, I do know that some of my own friends and acquaintances have had their accounts cloned recently, and it may be that there’s an uptick in the scam that has resulted in an awful lot of people reading the article above in the past few days. However, there have also been many instances of Facebook users receiving a message along these lines:
Hi….I actually got another friend request from you yesterday…which I ignored so you may want to check your account. Hold your finger on the message until the forward button appears…then hit forward and all the people you want to forward to…I had to do the people individually. Good Luck!
There are quite a few sensible pages discussing this message, which is not very useful, even if it’s not a complete hoax (or worse). I’ve listed a few useful and relevant informational resources at the end of this article, but they don’t necessarily look at either message in the context of the wider problem.
I’m hoping that presenting this article in the form of an FAQ (Frequently Asked Questions) list will make many of the issues around Facebook hacking and cloning – not the same thing! – a little clearer.
This latest message has been sent to many, many people whose accounts have not been cloned and from whom “another friend request” has probably not been received. Perhaps (let’s be charitable…) the section from “Hold your finger on the message…” was intended to be offered as a template for people who do receive superfluous friend requests, but there is no text included to convey that idea. What’s more, even if that was the intention, I could hardly recommend it as a template.
Suppose you receive this message. It doesn’t tell you how to check on whether your account has, in fact, been cloned. It doesn’t tell you what to do. It doesn’t even tell you to warn other people not to accept new invitations from you (which might actually be a useful item of information to pass on). It simply puts the Fear of Facebook into the people to whom you send it, causing them to think that it’s their account that has been cloned, which may or may not be the case, but probably isn’t. Even if your account has been cloned, forwarding the message to lots of people whose accounts haven’t been cloned is worse than useless. Yet that is exactly what some people have done.
Scammers spoof the accounts of legitimate Facebook users, using the victims’ names and stealing images and personal information from their accounts.
If the scammers trick a few people into becoming their friends, they can use the fake accounts to send scam messages to their new ‘friends’. (Sadly, it’s not the priceless photographs of what you had for dinner or where you’ve been walking that the scammers are interested in – it’s your Friends List…) The recipients will be more susceptible to falling for the scam because the message seems to come from a friend. The scam might (for instance) be:
The scammers might also use the new ‘friendship’ to access personal information. Maybe even as part of a data aggregation attack that helps them commit full-blown identity theft.
There are, of course, all too many other possibilities.
There could be a number of reasons.
Either of those last two assumptions may be correct, but they’re not safe assumptions.
So don’t make any of the assumptions in section (4): check with your friend. If no such request was sent, refer the friend to sections 5 and 6 below. Consider making contact face-to-face, by phone, or by email, rather than through Facebook.
An obvious measure is to put your own name into the Search box above your news feed and see if you have a doppelgänger. You could also ask one or two of your Facebook friends – especially if you have some that you know are security-savvy – whether they’ve received a duplicate friend request, apparently from you.
The chances are, of course, that there are other people on Facebook who really do have the same name as you. There are measures you can take to get a clone account removed, but you will need to be sure that you’re not about to victimize someone who simply happens to share your name.
Don’t forward that unhelpful message telling people that their accounts have been cloned. And don’t panic and set up a new account: it’s the imposter whose account should be trashed. Facebook has a helpful article on How do I report an account or Page that’s pretending to be me or someone else? Remember, the cloner hasn’t actually hacked the account.
And yes, it would be a good idea to put up a post letting your friends know there’s a clone about.
Facebook changes where it puts menu items every so often, and it may vary from device to device. However, you need to find the Settings menu, and the Security & Logins page option should show you Where you’re logged in. Unfortunately, Facebook’s grasp on geolocation is often amusingly imprecise: you may find that it thinks you’re quite far away from your real location, which casts doubt on its ability to show a login from a dubious location. Still, if you’re in Ireland and Facebook displays logins from Eastern Europe, it’s probably a good idea to investigate further. If there is a current login that clearly isn’t you, you may be able to log that device out, and take the opportunity to change your password before that user logs back in.
Even if no one is currently piggybacking on your account, there are a number of options on the Security & Logins page that will reduce the risk of someone else using your account: two-factor authentication, enabling notification of unrecognized logins, and so on.
You can’t. Not least because Facebook insists on making some of your profile information public, meaning that anyone at all can access it, and setting up an account using your name and profile picture is enough to set up a fake version of your account. However, there are a number of privacy settings you can edit. Setting your Friends List so that only you can read it vastly reduces the risk that your friends will be contacted by a cloned account.
To quote my earlier blog post again:
Facebook users who make a lot of information about themselves public make it easy for a cloner to use images and information to set up a fake account. Several scams such as ‘Londoning’ depend on the cloner being able to contact the friends of the owner of the genuine account. While you can’t eliminate the possibility of your account being cloned, you can lower the risk by reducing the value of your account to the scammer. You can do this by tightening your privacy settings: obvious ways of doing this include setting your account so that only friends can see your post
Even your real friends might unknowingly send you a dangerous link. The difficulty is establishing what constitutes ‘dangerous’, and I can’t give you a definitive list of ‘suspicious’ items, except in so far as any link posted on a Facebook feed could be dangerous. Links reflecting a mutual interest are more likely to be innocuous. The kind of generically attention-grabbing links already mentioned – interesting/unusual/dramatic videos, news, celebrity gossip, or (literally) fabulous offers and prizes – are more typical of the kind of social engineering beloved of hackers, scammers, and purveyors of malware.
Many Facebook users find themselves receiving invitations to connect with people far beyond their circle of direct personal acquaintance. Indeed, Facebook actively promotes the idea that you should make as many ‘friends’ as possible. I certainly won’t tell you not to connect with friends of friends, or people with shared interests encountered in groups or on special interest pages. However, a lot of unsavoury people manage to establish a presence on social media in general and Facebook in particular, and you can’t rely on Facebook – or, come to that, on security software – to filter them out. If you’re not prepared to be cautious, sooner or later you’re going to connect with someone whose intentions are not benevolent.
While Facebook’s devotion to its users’ security and privacy is by no means always to be assumed, it does offer settings that enhance security and privacy. However, those safer settings are not necessarily the default. It’s well worth finding out what your current settings are, and how to improve them. (See also section 8 above.)
More about the hoax message:
Cloning/fake pages and profiles:
Or comment on this post, and we’ll do our best to answer any questions you may have.