Anyone with a social media account has been on one side or the other of this scenario. You get a friend request. You seem to think that you are already friends with this person. You think, “Hmm, maybe they accidentally unfriended me,” or you don’t think much about it at all. And the next thing you know, you’re getting a Facebook message something like this: “Hi How are you doing?” Of course, the picture and name of your friend are correct, so it’s easy to overlook. But within just a moment you do realize this is someone impersonating your friend – a clone!
Now many people refer to this as having been “hacked”. In truth, this is not a hack at all. The bad actor in this scenario has not hacked my friend’s Facebook account. In fact, my friend still has access to her account, and she has been getting messages from other friends telling her that they are getting friend requests from her. The fact is most of us have our information publicly available on Facebook – at least the basic information. All I need to do, if I’m a scammer, is copy your picture, open a new Facebook account with your name, and upload the saved copy of your picture. These people are impersonating you, not hacking you. This means that changing your password will have no effect on the other person’s ability to impersonate you. What can you do to protect yourself, or even to protect your friends?
Well, you could set it so that your profile is hidden. You could hide your photos so that only friends can see them. But really, that wouldn’t help you any. It would make it harder for some of your friends from the past to contact you, so it’s not the best solution. I will say this: the number one problem in my scenario above is that I did the dumb thing. I accepted the friend request from the scammer. That was the first dumb move. Your friends can help with this, for sure. We can all report the scammer as a fake account on Facebook, and they are pretty good about killing those scam accounts. You can do a search for yourself on Facebook and report fake accounts that aren’t you. When your friends are telling you about these odd friend requests from you, respond to all of them, “Please report that user to Facebook as a fake account.” The best thing we can do is have a flood of reports flowing into Facebook to shut down the copycat account as fast as possible.
So what’s the angle? Likely the clone is planning to strike up a conversation with one of your friends and offer up some sad story to coerce your friend to send them money. Of course, a friend or family member is much more likely to give money to help out someone they know rather than to fall victim to a telescammer who is simply a stranger cold calling us.
Also, please remember to never click on any links that the clone account sends to you or your friends. Here is one more very good setting on Facebook: go into your privacy settings and make sure that you are the only person who can post on your wall. Friends should only be able to post to your wall after you have been able to view and approve the post. This way the scammer can’t become friends with someone just to be able to make a public post to everyone who reads your wall.
Ok, back to that idea of changing your password. Yes, I do think you should change your password, but not because of the copycat account. You should change your password because far too many people are using memorable passwords. Use something complex, random, and 16-20 characters long. Yes, you’ll need a password manager for keeping passwords like this. I’ll be writing a post later about password managers. For now, write it down with pen and paper the old-fashioned way and keep a notebook by your desk. But get a complicated password. Use a random password generator.
AND set up multi-factor authentication, which may also be called 2FA, MFA, or two-factor authentication. I’m also going to write another blog post about this topic. For now, just know that you should set this up on any account where it’s an option.