Have you ever opened Facebook to discover you’ve been added by someone you thought was already on your friends list? If so, you would be wise to exercise caution before clicking ‘accept’.
Scammers are cloning profiles and adding everyone on that person’s friendlist in order to trick you into adding the clone as a friend, and giving the scammer access to all the information on your profile - as well as giving them the chance to contact you directly, under the guise of being your friend.
It’s clever in its simplicity, especially if you aren’t a regular Facebook user and don’t know off the top of your head who you do and do not already have on your friends list.
Added to that, the scammer doesn't even need to have added you to their friends list to contact you. They could send you a message directly, which you would be asked if you wanted to accept. However, if you see it's come from a friend, you are likely to accept without even thinking about it, especially as you don't need to click accept - you just need to type your response.
Below is a screenshot of a message received via Facebook Messenger from someone not on the friend list. The message reads 'If you reply, [name] will be able to call you and see information such as your Active Status and when you've read messages.' That's followed by the link 'I Don't Want to Hear from [Name]', which you would click if you knew the person contacting you was posing as your friend - but odds are, you'd just reply as normal.
That's why it might be wise to make a habit of always checking the profile of anyone who requests your friendship or starts a conversation with you on social media - especially if they don't sound like their normal selves, using words and terminology they wouldn't usually, or even a different style of punctuation.
The Federation of Protestant Welfare Agency cloned profile scam
Saga Magazine was contacted recently by Graham, a reader who wanted to share his experience of a cloned Facebook profile scam. The scammer cloned a friend’s profile and contacted Graham, posing as his friend.
Graham told us, “I had quite a long dialogue on messenger with my "friend" who said she had just received a cash award from the Federation of Protestant Welfare Agency; she knew there were still some left and said I ought to apply. I must admit I was highly suspicious, but the friend is internet savvy so I thought she could not have got caught by a scam, so maybe it was legit. But then she asked for my email address to send me some more info, and I realised that although the avatar with her picture was correct, I was not actually speaking to her.”
Graham kindly let us share the below screenshot of his conversation with the scammer - where he fortunately sees through the scam instead of falling for it. (Names and incidental details changed).
You can see the scammer avoids referring to any of the more personal details and goes straight to the point - trying to get Graham's interest in the 'FPWA award'. The messages are badly written and oddly punctuated. The spelling of 'organization' uses the American 'z' spelling - all these are warning signs that Graham picked up on.
However, Graham didn't realise the importance of the grey wording circled below in red, that reads 'You can now call each other and see information such as Active Status and when you've read messages' - this was another warning that the person he was speaking to was not someone on his friends list, and not someone he had interacted with before.
Five ways to spot a fake profile on social media
How to spot a cloned Facebook profile
• Check when their profile picture was added - was it very recently? Are there any other pictures on their account, or interactions with other people?
• Check their friends list - if they have fewer friends than you would expect the person you know to have, this should ring alarm bells.
• If you suspect it's a cloned profile after looking into it, make sure you report it to Facebook immediately. Do this by clicking the button with three dots, like an ellipsis: [...] - then click 'Give feedback or report this profile'. Facebook will ask you why, so click 'Pretending to be someone', and send it. Then block the profile for good measure.
How to avoid allowing a cloned Facebook profile access to your information
• When you receive a Facebook friend request, always check that you don’t have that particular friend on your friend list already. If you do, alert your friend via their original profile to the fact that they have a clone. It could be a harmless duplication on their part - they may have ditched their old profile and set up a new one, perhaps because they forgot the password details for the previous profile, but this is unusual, and always worth checking, especially if the photo for the original account is the same as the new one now requesting you as a Facebook friend.
• Report the cloned profile to Facebook – even though you haven’t been taken in, you never know who else could fall for it.
• Do not interact with the new profile – and if the person reaches out to you, be very wary.
• Make sure your own friends list is hidden so only you can see it - that way, a scammer can't send messages to any of your friends posing as you, so they would be less inclined to go to the bother of cloning your account.
How to hide your Facebook friends list from everyone but you
• Click the dropdown arrow to the far right of the blue bar and select 'Settings' at the bottom.
• Select Privacy in the column to the right.
• Edit your settings so that 'Who can see your friends list' is set to 'Only me'.
Could the scammer have gained access to your friend's original profile?
Is also worth bearing in mind that your friend's original profile could have been compromised - so always be wary if anyone you know tries to get you to sign up for anything that sounds like it could be too good to be true. Surely if it were that good an opportunity, they would call you to tell you all about it...