With over 2.9 billion people using Facebook monthly, the platform is the world’s most active social media network. It’s a place where people continually check in on friends and family and where many like to hang out and unwind at the end of the day.
Facebook users spend an average of 2 hours and 24 minutes on the site each day, and with this type of captive audience, you can imagine how scammers look at the site and see a place full of potential targets.
Phishing using social engineering attacks doesn’t only happen over email. Social media phishing has been on the rise and many people get caught in its net of deception.
One of the tactics that cybercriminals use to trick people into trusting them and clicking a fake link or revealing personal information is account cloning.
What is Cloning of a Facebook Account?
Facebook cloning is when someone creates a new Facebook account and profile that looks exactly like yours. It uses your profile picture, background image, and can even copy posts that you’ve made on your account.
This is often done to celebrity profiles to trick followers, but it’s just as prevalent among non-celebrities. Everyone from your best friend from high school to your aunt Margaret can have their profile cloned.
A hacker doesn’t need to know your password or hack your account to clone it. If your account is public, all they need to do is copy what they see.
How Does Account Cloning Happen?
Facebook has over 500,000 new accounts being added every day (which is 6 new profiles each second). It is not going to cross-check each one of those to see if the images being used are copies of a current profile.
For one, a user may legitimately be creating a new profile (some people like to start fresh with a new friends list). For another, it would take a huge amount of resources to do this type of check, and it could slow down profile creation time.
The main enabler of account cloning is having a public profile and a public friends list. The friends list is the main driver that makes cloning worth the time and effort to hackers.
If you have a public friends list on your profile, then all a scammer needs to do is send out friend requests to all of those people, saying something like, “Hey, I just made a new FB account.”
Why Do Phishing Scammers Clone Facebook Accounts?
There are a number of phishing scams that can be perpetrated from a cloned Facebook account. And the fact that the person already trusts them (because they’re impersonating a friend or family member) makes the phishing scam more likely to be successful.
Some of the things scammers will do from a cloned Facebook account are:
- Send malicious links to phishing sites
- Ask to be loaned some money
- Ask personal questions in order to get details that can be used for identity theft
- Report you and try to shut down your real profile
- Threaten to post inappropriate images to get the person to engage with them
- Gather more personal info and targets by drilling down into your friends’ friends connections
How Do You Know Your Account Has Been Cloned?
There could be fake accounts out there using your profile picture and you may not even know it.
You could try doing a search of your name on Facebook regularly to see if any profiles come up with your photo that you didn’t make. But if you happen to have a common name, then this could be very time-consuming.
The way that most people find out is when one of their friend connections asks them if they sent a new friend request from another profile.
As a rule of thumb, you should never accept a new friend request until you check its validity with the person using another means (phone, in person, etc.).
What Should You Do If Your FB Account Has Been Cloned?
Report the Fake Account
Don’t interact directly with the scammer. This could be just one worker in a large underground criminal group that isn’t going to be reasoned with.
Instead, go to the profile, click the three dots at the top right, and choose the option to report the profile.
Warn Your Friends About the Fake Profile
Next, you’ll want to warn your FB friends about the cloned profile, so they’re not in danger of being scammed.
Reach out both over your real Facebook account and via other methods you normally use to communicate with them offline or on other platforms.
Make Your Profile & Friends List Private
To help prevent profile cloning, you should change your profile’s privacy settings. You can make your profile private to only your friend connections and also make your friends list private so no one can see it, except for those you choose.
Use Web Protections on Your PC
To avoid falling victim to a fake FB profile of one of your friends, put computer protection in place, such as DNS filtering, antivirus, and more.
Get Online Peace of Mind with WebGuardian
Two River Computer offers an all-in-one PC protection package for Fair Haven residents called WebGuardian. It includes PC monitoring, tune-ups, protection from poisonous websites, and more.
Contact us today for a free consultation. Call 732-747-0020 or reach us online.