Have you ever opened Facebook to discover you’ve been added by someone you thought was already on your friends list? Or perhaps a brand you follow on Facebook has messaged you out of the blue to let you know you've entered a prize draw you never even entered? If you're male you might even be bombarded with friend requests from beautiful young women you've never heard of.
If so, you would be wise to exercise caution before clicking ‘accept’ or following any links you get sent.
Fake Facebook friend requests
Scammers are cloning profiles and adding everyone on that person’s friends list in order to trick you into adding the clone as a friend, and giving the scammer access to all the information on your profile - as well as giving them the chance to contact you directly, under the guise of being your friend.
It’s clever in its simplicity, especially if you aren’t a regular Facebook user and don’t know off the top of your head who you do and do not already have on your friends list.
Added to that, the scammer doesn't even need to have added you to their friends list to contact you. They could send you a message directly, which you would be asked if you wanted to accept. However, if you see it's come from a friend, you are likely to accept without even thinking about it, especially as you don't need to click accept - you just need to type your response.
Below is a screenshot of a message received via Facebook Messenger from someone not on the friend list. The message reads 'If you reply, [name] will be able to call you and see information such as your Active Status and when you've read messages.' That's followed by the link 'I Don't Want to Hear from [Name]', which you would click if you knew the person contacting you was posing as your friend - but odds are, you'd just reply as normal.
That's why it might be wise to make a habit of always checking the profile of anyone who requests your friendship or starts a conversation with you on social media - especially if they don't sound like their normal selves, using words and terminology they wouldn't usually, or even a different style of punctuation.
The Federation of Protestant Welfare Agency cloned profile scam
Saga Magazine was contacted recently by Graham, a reader who wanted to share his experience of a cloned Facebook profile scam. The scammer cloned a friend’s profile and contacted Graham, posing as his friend.
Graham told us, “I had quite a long dialogue on messenger with my "friend" who said she had just received a cash award from the Federation of Protestant Welfare Agency; she knew there were still some left and said I ought to apply. I must admit I was highly suspicious, but the friend is internet savvy so I thought she could not have got caught by a scam, so maybe it was legit. But then she asked for my email address to send me some more info, and I realised that although the avatar with her picture was correct, I was not actually speaking to her.”
Graham kindly let us share the below screenshot of his conversation with the scammer - where he fortunately sees through the scam instead of falling for it. (Names and incidental details changed).
You can see the scammer avoids referring to any of the more personal details and goes straight to the point - trying to get Graham's interest in the 'FPWA award'. The messages are badly written and oddly punctuated. The spelling of 'organization' uses the American 'z' spelling - all these are warning signs that Graham picked up on.
However, Graham didn't realise the importance of the grey wording circled below in red, that reads 'You can now call each other and see information such as Active Status and when you've read messages' - this was another warning that the person he was speaking to was not someone on his friends list, and not someone he had interacted with before.
Five ways to spot a fake profile on social media
How to spot a cloned Facebook profile
• Check when their profile picture was added - was it very recently? Are there any other pictures on their account, or interactions with other people?
• Check their friends list - if they have fewer friends than you would expect the person you know to have, this should ring alarm bells.
• If you suspect it's a cloned profile after looking into it, make sure you report it to Facebook immediately. Do this by clicking the button with three dots, like an ellipsis: [...] - then click 'Give feedback or report this profile'. Facebook will ask you why, so click 'Pretending to be someone', and send it. Then block the profile for good measure.
How to avoid allowing a cloned Facebook profile access to your information
• When you receive a Facebook friend request, always check that you don’t have that particular friend on your friend list already. If you do, alert your friend via their original profile to the fact that they have a clone. It could be a harmless duplication on their part - they may have ditched their old profile and set up a new one, perhaps because they forgot the password details for the previous profile, but this is unusual, and always worth checking, especially if the photo for the original account is the same as the new one now requesting you as a Facebook friend.
• Report the cloned profile to Facebook – even though you haven’t been taken in, you never know who else could fall for it.
• Do not interact with the new profile – and if the person reaches out to you, be very wary.
• Make sure your own friends list is hidden so only you can see it - that way, a scammer can't send messages to any of your friends posing as you, so they would be less inclined to go to the bother of cloning your account.
How to hide your Facebook friends list from everyone but you
• Click the dropdown arrow to the far right of the blue bar and select 'Settings' at the bottom.
• Select Privacy in the column to the right.
• Edit your settings so that 'Who can see your friends list' is set to 'Only me'.
Could the scammer have gained access to your friend's original profile?
Is also worth bearing in mind that your friend's original profile could have been compromised - so always be wary if anyone you know tries to get you to sign up for anything that sounds like it could be too good to be true. Surely if it were that good an opportunity, they would call you to tell you all about it...
Weird Facebook friend requests
Sometimes you might get a friend request from someone you don't even know, and this is particularly likely if you're a man. Hackers and scammers frequently target male Facebook profiles to send friend requests from fake accounts using profile pictures of beautiful young women (often in bikinis or cocktail dresses). As with most scams, if it's too good to be true it's probably a scam, and it's more likely to be a scammer using images stolen from someone else's account (or even from their modelling portfolio) than an attractive mystery women wanting to get to know you.
The fake business page prize draws scam
Have you unexpectedly won a prize from a brand you follow on social media? Be careful, this is also a scam! Scammers are cloning Facebook business pages by using their username and profile picture or logo and direct messaging followers of that brand's page.
The messages will usually say something along the lines of "Please register to claim your prize" with a link to a website that will no doubt ask for personal details, perhaps even bank details or passwords, and certainly private data such as address and phone number.
These links might look professional at first glance because they have duplicated official brand photography and logos, but the website address is probably generated by an address shortening website such as Bit.ly or TinyURL. These websites are useful for making long addresses more appealing but they also hide the final location.
As a general rule you will know it is a scam because:
- You have no memory of entering a prize draw
- Clicking on the profile icon reveals that the account is new and does not have the post history or followers the real brand would have
- You are expected to go to a different website and provide sensitive data such as name, address, phone number, email address, or log in
- If it's too good to be true it probably is!
If you find you have been selected as a winner report the account as spam and block them. Do not click any links they send you and do not engage in dialogue with them.
If you have any doubt, perhaps you know you have entered prize draws with that brand in the recent past, contact the brand through their official website (there should be a contact us section) to let them know you have received the message and they should be able to check whether it is legitimate, however this is unlikely to be the case.