The new Facebook scam that’s fooling your friends with your photos

The “urgent” warning has popped up a number of times on Facebook in the past few weeks. Accounts are being hacked, it says, and your photos and name are being used to create a new Facebook account. You need to warn all your friends now. Sound scary? 

It is. But you’re not being hacked. You’re being cloned.

If you didn’t know such a thing could happen, don’t feel ashamed. My husband and I both work in the tech industry (him with expertise in cyber security), and when friends started texting me on a Sunday last fall asking why I was sending them weird messages on Facebook, I had no idea what they were talking about. I pulled up my social media account and typed in my name, and there it was: a second account using my name (although my married name was in parentheses), a photo of me hugging my husband at our best friends’ wedding and another photo of the river right outside my childhood home. What’s more, dozens of my friends were “friends” with this faker.

More: The one online risk most parents forget to warn their kids about

Fortunately, my husband’s cyber security background helped me quickly get to the bottom of the problem: Someone had stolen my publicly available photos and was trying to trick my friends.

It was working. One friend later admitted she assumed I had created a new account because we hadn’t spoken in a while and she thought the new name meant I’d gotten divorced (I hadn’t). Others said they just guessed I’d gone on an unfriending spree and was adding them back in.

While a few close friends knew better than to be taken in by the scam, for many it was the unsettling messages from the new account that tipped them off. The scammer even made crude comments about one friend’s young daughter — comments she knew I’d never make.

She, along with other friends, reported the fake account to Facebook, as did I. In a few hours, it was gone.

The sense that I’d been violated took longer to fade.

This person had pretended to be me! He (or she) had gotten a peek into my friends’ private lives. He’d made them feel violated, using my name.

This is what cloners do. And unlike with hackers, there are fewer things you can do to keep them at bay. When you’ve been cloned, no one has accessed your private information.

More: 11 most ethically questionable things people do to save money


Cloners use what’s already publicly available to them. They’re smarter than hackers in that sense. They don’t have to figure out your password to get in. All they need to do is snag your profile photo and a cover photo, which are available to anyone who views your Facebook profile by default. They also use your name — again, publicly available. Then they prey on your friends. Sometimes they’ll ask for money, pretending to be you, of course. Sometimes they’ll make use of access to your friends’ accounts and mine them for private information.

Posting some silly message on your wall won’t do anything to stop it, and of course, changing your password won’t help because they haven’t actually accessed your account.

Here’s what you can do, however. Make your Facebook friends list private. Without friends to prey on, cloned accounts are virtually useless.

To do this, go to your activity log (you can get there by hitting the upside down arrow, right next to the lock icon in the blue bar at the top of Facebook, and clicking “activity log”). Once you’ve gotten into the activity log, head to the left-hand side of the screen. There will be a list of options, and you may need to click “more” to find “friends.”

Facebook friends
Image: Facebook

Click on that, and at the top there’s an option for “who can see your friends list.” The default is public, but you’ll want to change that. You can change to “only me” or “friends” or whatever you want… but hiding it from prying eyes will make a huge difference.

More: 7 Social media hoaxes everyone fell for

If it’s too late and you’ve already been cloned, you should still shut down your friends list. They may not have friended everyone on your list, and it will prevent future cloners from doing the same. But more importantly, you should report the cloned account to Facebook for impersonating you, and ask your friends to do the same. The more reports Facebook gets, the more likely they’ll take down the fake account quickly.

Before you go, check out our slideshow below.

Commonly misspelled words
Image: Avosb/Getty Images


Comments are closed.