A few weeks ago, I got a Facebook request from “myself.” I recognized it right away as a common Facebook cloning scam.
The way it works is simple. Cyber-crooks snag a photo of you, usually right from your own profile page, poach any information you’ve made public, then reach out to all your real friends and family. Once anyone you actually know accepts the fake Facebook friend request or engages with them on Messenger, the scammers typically make a play for money, personal info, or even try to infect your computer or phone with malware.
When the same thing happened to my mom last year, the scammer (pretending to be my mother) hit up my cousin with a sob story asking for money. He texted me instead and I told my cousin how to report it to Facebook.
A few hours later, another one of her friends received a message from the crook to “click this link to see a great YouTube video you’re in.” She too, smelled a skunk. Had she actually clicked the link, though, it could have infected her computer with malware or a virus, logged her passwords and given hackers the fast track to her bank account, email or store accounts.
Spotting the fakes
So how do you know that a friend request is real vs. fake? Here are a few questions to help you figure that out.
Are they a duplicate? This is the most obvious test for any fake friend, and all you have to do is see if someone with the same name is already friends with you on Facebook. Nobody has any reason to make more than one account, so if your best friend from college is still on your friends list but just sent you another friend request, send it straight into the trash. Then report it.
Check their photos. Okay, so a hacker will probably find a few freebie photos for their profile, but if you dig into their albums their plan totally falls apart. Before you accept a shady friend request, click on their name and go to their profile page. Browse through their photos and albums and see what’s there. If it’s bare, aside from the profile picture, or has just a couple random photos with no comments or likes, you’ve just nabbed a faker.
Frisk their friends list. If someone is targeting you, their fake account is likely just a shell with very little going on. Click on their friends list and see how many they have. If it’s blank, run for the hills, but even if it’s well populated, those could all be fake or spam profiles too, so be sure to check what mutual friends you have in common. If the person isn’t friends with any of your friends, it’s almost certainly a scammer.
If you do spot a fake, block, report, and warn your friends. (Facebook also cracks down pretty hard on these kind of shenanigans these days.) From the scammer's main Facebook profile page, you can click the little “more” icon (three little dots in a row) next to their profile picture and then select “Report.” A little menu pops up asking you what you want to report, so select “Report this Profile.” Once you do this, Facebook will know to look at the account and take any actions needed. After you’ve reported, click that little “more” icon again and select “Block” to remove the account from your life forever.
Leave the links behind
Even if you’re good about ditching fake friends and ignoring anonymous requests, anyone on Facebook can still send a message to your "Other" inbox. In Facebook Messenger, these pop up as “Message Requests,” and even if someone isn’t your friend, he or she can still send you nasty links and malware without much consequence.
Never ever click on any links you get in these unverified messages, and do your best to avoid interaction with anyone who sends you a chat request out of the blue, even if he or she looks like someone you know. Follow the rules above and verify before you even reply, and if you determine it's a fake, head to the scammer's profile page and block them.