Facebook Cloned Accounts and How to Help Prevent it Happening To You

Facebook Cloning Explained

Facebook cloning describes a technique in which scammers create a fake Facebook profile by using images and other information stolen from a targeted user’s real Facebook profile.

The scammers may be able to create a profile that – at least at first glance – looks very much like the target’s genuine profile, especially if the victim has all or some of his or her profile material set to “public”.

First, let me make clear that Facebook cloning is NOT “hacking” as claimed in some circulating security warnings. The scammers have not gained access to the victim’s real Facebook account or tricked the user into divulging his or her login details. They have simply copied publicly available information and images and used them to create a new profile.

Why would scammers do this?

Once the scammers have created a fake profile, they can send friend requests to people on the targeted person’s friends list.

At least a few of the victim’s friends may accept this second friend request because they mistakenly believe that the victim has accidentally unfriended them. Or, people with a large number of Facebook friends may have forgotten that they were already friends with the victim and accept the second friend request. And, regrettably, some Facebook users tend to immediately accept friend requests without due forethought.

Once the scammers have a few “friends” on the fake profile, they can then start sending scam messages in the name of their victim.

They may try to draw the friends into advance fee scams claiming that the victim has won a large sum of money and offering the “friend” the chance to also win.

They may send messages that claim the victim has been stranded in a foreign country and needs a short-term loan to get out of trouble. Because the recipients of the message think they are talking to someone they know, they may agree to “loan” the money.

The scammers may also use the illusion of friendship to collect personal information from the victim’s friends. A clever cloner may even be able to commit identity theft by tricking the victim’s friends into divulging a large amount of their personal and financial information.

How To Protect Your Facebook Account From Cloning

It is difficult to entirely eliminate the risk of having your Facebook account cloned. However, you can significantly mitigate this risk by ensuring that you use privacy settings that hide as much of your information as possible from strangers.

The more of your stuff that is publicly available, the more effective a profile cloning attempt will likely be. Unfortunately, many Facebook users still have much of their information set to “Public”. These comparatively open accounts are easy targets for cloning scammers.

Here’s what to do to change that.

[Please note that these instructions describe accessing Facebook from a computer web browser. If you are using Facebook on a mobile device or via an app, you may need to use a different method to access your privacy and friends list settings.]

1. Hide Your Friends List

It is especially important to hide your friends list from prying eyes. If the clone scammers cannot see who you are friends with, they will not be able to send out fake invites to your friends. So, hiding your friends list can help to thwart clone scammers. To hide your friends list, open your profile and click on the “Friends” tab. Then, click the pencil icon on the right side and click “Edit Privacy”:

[Image: Edit Friends List]

In the “Who can see your friends list?” section, select “Only me” in the drop down list:

[Image: Change Friends List Settings]

2. Run A “Privacy Checkup”

If you click the “Lock” icon at the top right of your Facebook profile, you can perform a quick privacy checkup related to your posts, apps, and profile. Wherever possible, ensure that they are all set to “Friends” or “Only Me” rather than “Public”:

[Image: Facebook Privacy Check Up]

3. View Your Profile As “Public”

At this point, it’s probably a good idea to see what your Facebook actually looks like to somebody who is NOT your friend. To do this, click the “Lock” icon again then click “Who can see my stuff”. Now, click the “View As” link under “What do other people see on my timeline?”:

[Image: Who Can See My Stuff]

You should now see your Facebook timeline as a member of the public – or a Facebook clone scammer – will see it.

Check your “Friends” and “Photos” tabs and other elements to see what is visible to strangers. Facebook won’t allow you to hide your current Profile and Cover Photos. They are public by default and there is not much you can do about it. However, hopefully, your friends list, most of your photos, and most of your other stuff won’t be visible to our hypothetical scammer.

If there is still stuff that you think should be hidden, proceed with the next steps.

4. Check Who Can See Your Photos

Clone scammers often copy images from the targeted profile and add them to the fake profile to further the illusion that it belongs to the victim. As noted, Facebook won’t allow you to hide your current Profile and Cover Photos. However, you can make sure that as many of your other photos as possible are set to “Friends” or “Only Me”. Click the “Photos” tab and open “Albums”. Some types of album will have an audience selector that allows you to set all of the images in the album to “Friends” or “Only Me” in one click:

[Image: Facebook Albums]

For other albums, such as “Profile Pictures” and “Timeline Photos”, you may need to select the audience for each image individually. Open the image, click the “Edit” button and choose the option you want via the audience selector.

5. Check Who Can See Other Profile Information

Even seemingly innocuous information such as what books, music, and movies you’ve liked can help a scammer build a more believable cloned profile. So, click the “More” tab and, wherever possible, ensure that the material in each section is not set to public. You can also hide sections completely by clicking the More tab and selecting “Manage Sections”:

[Image: Facebook Manage Sections]

6. Dig into Your Privacy Settings

You can also check and change privacy related settings via the “Privacy Settings and Tools” section. It’s a good idea to familiarise yourself with the options in the section, so it’s worthwhile taking the time to check it out. Click the drop-down arrow to the right of the lock icon and click “Settings”. Then click “Privacy” in the left menu. Make sure that everything is set as you would like:

[Image: Facebook Privacy Settings]

7. Recheck Your “Public” profile

Now, go back to Step 3 above and again check what potential scammers can see on your Profile. All being well, your account will now be locked down pretty tight. If there is still too much of your stuff visible, you can always go back and tweak the various privacy settings as described above.

What To Do If Your Account Has Already Been Cloned

If you discover that your Facebook account has been cloned, report the fake account to Facebook. And, let all of your friends know about the cloning attempt as quickly as possible. Warn them not to accept any friend requests that look like they came from you.

What to do if You Receive a Friend Request That You Suspect is from A Clone Scammer

Be wary of any friend requests from people that you are already friends with. If you receive one, check your own friends list to see if you are still friends with the person. If so, the friend request is likely to be from a cloned account. Alert your friend to the scam as soon as possible so that he or she can take steps to deal with the issue. In the early stages, your friend may not be aware that his or her account has been cloned.

Help Educate Your Friends

If every Facebook user were aware of how cloning scams work and how to protect themselves, the prevalence and impact of cloning would be greatly diminished or even eliminated. Sadly, that’s not going to happen anytime soon. Nevertheless, you can certainly help by ensuring that your friends know about cloning. If necessary, take the time to explain the issue and help them with their Facebook settings. Sending them a link to this Knowledge Guide might be a great first step.