On average, I get a duplicate friend request from someone on Facebook about once a week.
You’ve probably seen these. You are already friends with the person, and suddenly you get a new friend request from them. The new profile has the same profile pic, the same cover pic, and maybe even more things duplicated from your actual, real friend.
Inevitably, that leads to a follow up post from our friends like this:
People know what to do to stop a hacker.
Change your password to something more secure.
However, in this case that will help exactly 0%. Because you have not been hacked.
(But go ahead and change your password anyway – setting a more secure password is always a good idea for your online accounts)
Attack of the Clones
You haven’t been hacked at all.
Your account has been cloned.
Somewhere, someone has scrolled through Facebook and created a brand new account that looks like yours.
Your pictures are publicly visible, and so they downloaded them and re-uploaded them to the new account, using your name. They did not need your password or access to your account at all to do this. They used publicly available information to do it.
That done, they looked at your list of friends and and started to send them friend requests.
Why Was I Cloned?
The risk of cloning is not to you. Your account is not compromised. The only info that the person who cloned you can see is your public information. The risk is to your friends.
As the person who sent friend requests to all your friends, many of them will recognize that it is a fake.
But a certain percentage of them will accept the friend request.
And as soon as a person accepts the friend request from the clone, their private information becomes visible to the person who created the clone. And that is what they are after. Not you – they want your friends’ private information.
What Can I Do to Stop Cloning?
None of us want to get that series of Facebook messages from our friends, “I just got another friend request from you.” And more importantly, We all want to protect our friends from this risk.
Changing your password does not help, so what can you do?
There is one thing that can help more than any other:
Change the privacy of your friends list.
The cloner needs to send requests to all of your real friends. And the only way they can do that is if they can see who your friends are.
- Go to your profile
- In the left hand column, go to the box that says “Friends”
- Click on the down arrow, and then select “Edit Privacy”
- Reset the privacy options for your friends list in the dialogue box that opens
There are three options that show up in the dialogue box – the privacy of your friends list, who can see what pages you follow, and who can see the people that follow you.
For each of these options, set the privacy to something more than “Public” – so that only your friends, or perhaps only you, can see who your friends and followers are.
If the cloners can’t see your friends list, there is no reason for them to clone your account.
(While you are looking at these things, go ahead and check the rest of your privacy settings on your pictures and posts. Are you sharing information to the public that you really intend only for your friends?)