Facebook Scam – Second "Friend" Requests

Have you received a Facebook Friend request from someone who is already a Friend?

Or maybe some of your existing FB Friends have told you that they have received a second Friend request that you know nothing about.

Has your Facebook page been hacked? Probably not.

It happened to my friend – let’s call her Helen. I received a second Facebook Friend request that looked like it came from her.

It’s fake; it was part of a Facebook scam called “profile cloning”.

It means that someone set up a fake page using Helen’s name and copied some basic information from her real page into the fake page. No one hacked or gained access to her real page.

The owner of the fake page then sent Friend requests to Helen’s real friends in order to “harvest” friends for the fake Helen’s page.

Why do they do it?

At the simplest level, the scammers are trying to collect email addresses or contact details that they can sell to spammers or use themselves to send spam. In this scenario, the next thing that happens is that those of us who innocently accepted the fake requests and thus became friends of the fake Helen start receiving Facebook messages or pop-up adverts with dodgy links promoting dodgy websites or dubious services, or we are bombarded with spam emails.

At a more sinister level, the scammers are trying to collect any scraps of confidential information about real people that they might be able to use to access their target’s other accounts or to steal their identity.

More likely they are setting up a “con” where we start getting worrying messages from the fake Helen a few weeks down the track. “Helen” is begging for help to rescue her from a desperate situation. Her urgent plea for help might say something like she is sick in hospital overseas. An elaborate one might say she is on holiday in somewhere like Thailand or Russia where her bag has been stolen containing all her money, credit cards and tickets; she can’t pay her bill at the hotel where the manager is threatening to call the police and he won’t return her passport until she pays up and she is stranded with no one to help. It often sounds fairly plausible, especially if the real Helen is a frequent traveller. The message then asks if you can help her to get out of the mess and get back home by sending some money which she promises to pay back as soon as she returns. It gives details of “her” bank account where to send or deposit the money. Needless to say, anyone sending money will never see it again.

Update March 2023: And a more recent possible reason for profile-cloning might be to create propaganda bots. These are fake, automated X/Twitter and Facebook accounts whose purpose is to sway political debate and influence elections by generating hundreds of thousands of messages attacking one political party or candidate and praising another. This article in the Guardian describes a recent US bot plague and should be visible to US, UK and Australian readers.

What to do about it?

First check whether any FB Friend appears twice in your own Friends list. If so, look at both profiles. The fake page is usually easy to spot. Often it has very little content; there is little more than the person’s name and profile picture on it. (Remember though that some people might have two separate Facebook pages for perfectly good reasons, e.g. one personal and one for business.)

If you find you are a friend of a fake page, then “unfriend” the fake person. (In your own Friends list there is a button labelled “Friends” next to each profile picture. On the fake friend’s profile, point to that “Friends” button with your cursor and a drop-down menu appears – the last item is “Unfriend”.)

To make it harder for such scammers to do the same to you, first go through your own list of friends and unfriend anyone that you don’t actually know or recognise. Then go through your Facebook privacy settings and make the different types of information about yourself visible only to yourself, or to friends only, or to friends of friends as appropriate to your level of comfort. If you set your own friends list to be visible to “only me”, it will prevent a profile cloner from seeing that list and sending fake friend requests to your real friends. If you set your friends list to be visible to “only friends”, it will have a similar effect, unless you have already inadvertantly accepted a fake friend request – then the scammer can see your list and send them messages.

Don’t accept a friend request from someone you don’t know. When you receive a friend request from someone you recognise, check to see if that person is already on your Friends list. If they aren’t, check the person’s profile to make sure it looks genuine before you accept the request. However, please note that some genuine profiles, depending on the owner’s privacy settings, are largely hidden from public view and visible only to people who are already friends.

And if you ever receive an out-of-character message, a plea for help or a request for money from a “friend”, contact the real person by some other means such as telephone or SMS to see if the message is genuine or not. Do not hit “Reply” to such a message and don’t click any links in it.

What to do if your page/profile has been cloned.

If you are the victim of a cloned profile, you might not be able to see the fake page yourself because cunning cloners sometimes block the real person from the fake page to delay their finding out about it.

If it happens to you (e.g. your friends tell you they have received second friend requests from you) tell Facebook that someone has cloned your profile and ask Facebook to remove the fake page.

This is a link to the Facebook help page that explains how to report various Facebook misdemeanours: https://www.facebook.com/help/181495968648557/. On that page, the item you need is the first one, “Profiles”. In essence, it tells you to go to the fake page and click on the “three dots” button next to the “Message” button in the bottom right of the header image – this reveals a drop-down menu with an option “Report”. However, if the creator of the fake profile has blocked you, you might want to ask two or three trusted friends to report it.

This entry was posted in Ian's Posts. Bookmark the permalink.