A few times a month, I get a friend request on Facebook from someone I’m already friends with. Later I see a post from that person to “not accept any friend requests from me, my Facebook account has been hacked.”
I try to explain to them that they haven’t been hacked, they’ve been cloned.
Note, the links I’m mentioning are for phones, since that’s how most people use Facebook. A PC could be slightly different. And since I’m using Android, an iPhone could possibly be different as well.
If you think your Facebook account has been hacked, that is probably incorrect. In 99% of these cases no one has your password. To verify this, hit the hamburger menu icon (three dashes in the upper right) and go to Settings and Privacy/Settings/Security and Login/Where You’re Logged In/See All. There you will see all the places you have logged in from. If you see any that you don’t recognize, then there is a real good chance that your Facebook account has been hacked, and you can sign that person out. Then make sure to change your password. But chances are, you won’t find that.
Also, you would know that this didn’t happen if you have 2-Factor Authentication (2FA) turned on. You do have 2FA turned on, don’t you? If you don’t, do it. Now. If you don’t know how to, see this article.
You Haven’t Been Hacked
Like I said, your Facebook account hasn’t been hacked, it’s been cloned. Someone simply made an account using your name and profile photo (sometimes they don’t even use a photo), and sent friend requests to all of your friends. It’s simple to do.
They do this in order to scam money from other users. People will accept the friend request from the fake account and the scammer can then look for personal information that can be used for identity theft, or to ask for emergency money, etc. They send phishing links through Messenger, and since the link appears to come from one of your friends, the intended victim is likely to click on it.
How Do They Get My Friends List?
These scammers get your friends list from two places. One, if you have your friends list as public, they can simply open up your profile and make a list of your friends. The other way is if you’ve accepted a friend request from another cloned account.
There are two ways to combat this.
Number One: Keep Your Friends List Private
This way, only your friends can see your friends.
To turn this on, go to Settings and Privacy/Settings/Security and Login/Who can see your friends list. It should say “friends.” If not, click that and change it. For even more security, you can change it to “only me.”
Number Two: Don’t Accept Friend Requests From people you are already friends with
When you get a friend request from someone you believe you have already friended, go into your friends list and check. If they’re already there, ignore the request and forward this article to them.
If you think you have already accepted a fake friend, go into your friends list and look for duplicates, figure out which one is real, and unfriend the other one.
You can then report that fake profile to Facebook.
Speaking Of Security – Games, Quizzes, And Whatnot
While we’re on the subject of Facebook security, you know all those games (does anyone play Candy Crush anymore?), quizzes (What leprechaun are you? What’s your pirate name, etc.), and many other activities on Facebook? Those don’t come from Facebook, but from other companies. And whenever you do one of these, you authorize that company access to your profile and friends. The same with apps and websites that you log in with your Facebook account. It’s against Facebook’s Terms Of Service for them to use that data nefariously, but it’s also against the law to rob banks. The Terms Of Service doesn’t always stop them.
Facebook’s policy about games and such:
“When you use third-party apps, websites or other services that use, or are integrated with, our Services, they may receive information about what you post or share. For example, when you play a game with your Facebook friends or use the Facebook Comment or Share button on a website, the game developer or website may get information about your activities in the game or receive a comment or link that you share from their website on Facebook. In addition, when you download or use such third-party services, they can access your Public Profile, which includes your username or user ID, your age range and country/language, your list of friends, as well as any information that you share with them. Information collected by these apps, websites or integrated services is subject to their own terms and policies.”
Check Who Has Your Data
To look at all the companies that have access to your data, go to Settings and Privacy/Settings/Security and Login/Apps & Websites (also the “Games” right below that). There you can see a list, and I’m sure some people have a loooong list. You can go in and remove access that you don’t need anymore, and some of them will say “expired,” so you don’t really have to worry about them unless you renew it by using that activity again. You can also look at the other privacy and security settings in there to see if you want to change anything. Here’s what mine says:
What does yours say?
One More Thing
While you’re at it, take the time to check out your Facebook profile and what it looks like to the public. To do that, hit the hamburger menu and click on “See Your Profile.” Hit the three dots to get to “Profile Settings,” and click on “view as.” This will enable you to view how people whom you are not friends with can see you. If you see any posts that shouldn’t be there, or any changes to make, you can make changes to those posts or go back into settings and make those changes.
No, this isn’t as fun as Candy Crush, but it’s something that’s important.
If you have any questions about this or any another article, leave a comment below or email me at firstname.lastname@example.org