Not a day goes by when one of my Facebook friends posts a warning that their Facebook account has been hacked and please do not accept a friend request from them and ignore any messages you get from me.
In most cases, Facebook accounts are not “hacked” but are “cloned”, meaning someone has created another account using your profile photo and name.
The scammers hope you’re not paying attention to this because these are two common mistakes that help the bad guys clone or hack someone’s account and annoy all of your friends:
Mistake number one: accepting friend requests from people you don’t know. Many of us accepted friend requests by the dozens when we first signed up. Scammers create fake accounts in hopes of finding a few people to accept their friend requests. I’ve personally received friend requests from people I don’t know and when I look at our mutual friends, I see at least a half-dozen of my friends have accepted their requests. Sure, I may not know all of my friend’s friends, but sometimes it’s rather obvious they’ve accepted a request from a fake account.
If you accept the request, the scammer gets to see a list of all of your friends. They can then send them friend requests. Suddenly, one of these fakers can build a friend list of several thousand. Those strangers you’ve welcomed into your Facebook world can also see all of your photos and posts.
Since they can see your profile photo, name, and bio, they can right-click on your profile photo, save it, then upload it again and create a cloned account in your name. It seriously happens all of the time.
If you get a friend request from someone you don’t know, don’t accept it right away. If it’s a fake account, chances are good that Facebook will remove the account by the time you check again in a few days.
If their profile is still available you can choose to ignore the request but be aware, that even if you don’t accept it, those people will automatically become your followers who can see any post or photo from you that you’ve shared publicly. That’s true for anyone on or off Facebook, but these followers will also get a notification whenever you post something new.
If you suspect it’s a fake account don’t stop at not accepting the request, block their ability to see anything from you.
Mistake number two: Keeping your friends list visible to everyone. Even if you don’t accept friend requests from strangers, anyone on Facebook can see a list of your friends. To fix this, go into your settings and privacy and under who can see your friends list, make sure it’s either friends, friends of friends, or only me.
Does cloning someone’s Facebook account do anything except annoy people? It can. Maybe you’ve received a message like this from a friend whose account has been cloned. The scammers hope at least a few friends click on a link they send. It could install malware on your computer, or take you to a website asking you to log in with your Facebook credentials. If they have your Facebook username and password, they can and they will, login, and change the password so you can’t get back into your account. And good luck getting it back.
The most important step is to accept friend requests only from people you know personally. There’s no guarantee your account can’t be cloned, but it’ll at least make it more difficult for the bad guys who’ll probably give up and target someone else.