I’ve been besieged by a slew of friend requests from cloned profiles in the past couple of days, and seen more “I’ve been hacked” posts than I care to mention. Something’s up with either Facebook letting down its guard, or a fairly robust operation going on to mess things up, but one thing has been fairly consistent, and that’s that most of the people I know are not getting hacked and have no need to worry about every little thing in their life.
TL;DR – this probably isn’t for you, it’s something you can send to your friends/parents/people you’re related to, to let them know whether to worry or not.
Here’s a quick rundown of hacked versus cloned.
Facebook profile cloning
A bad actor copied your profile photo and created a new account using the information they could get from your profile (keep your details private, peeps). If your friends list is visible to others, they went and sent friend requests to those friends and perhaps attempted to message people.
The messages generally request money, visa gift cards, etc. for some unexpected emergency. There’s usually an embarrassing story they don’t want to tell, and they tell you to not call them.
They did not gain access to the Facebook account, nor do they know your password. You have not been hacked. You’re the victim of drive-by Xeroxing.
The solution is to notify your friends, report the fake account, and maybe change your password if you’re worried (you shouldn’t be worried about anything other than whether your friends fall for whatever scam is being run using your profile picture and name).
Basically if someone gets a friend request from you, and they’re previously your friend, the account is cloned. Don’t accept friend requests from friends you already have on your list.
Facebook account hacked
In this case your friends receive a message from you, usually with the text “hey, you’re in this video!” Passwords are quite often changed, and they have access to all your old content. This one’s serious.
When your account is hacked, you’re probably not easily logging in and saying “my account was hacked.” This one you worry about. When you gain control of the account again, change the password to something you never use anywhere else, and don’t ever log back into Facebook without checking that you’re actually on Facebook and not being presented with a popup login that looks like FB.
If you’re on Facebook and it asks you to log in again for some reason, close that window, open a new one, go to facebook.com and if that one wants you to log in, go for it.
Never log into Facebook when it unexpectedly asks you to
Playing a game and it asks you to log back into Facebook? Don’t.
Clicked on a friend’s link and finding you’re being asked to log into Facebook again? Don’t.
Considering getting a Facebook account? Don’t.
Trying to connect a game or service with Facebook and for some reason it needs you to log into Facebook? Don’t.
But what if I need to log into Facebook?
Close the window. Open a new tab. Go to Facebook.com. Log in. If it asked you to log in again, the app or web page probably wasn’t malicious.
Most of the success of the cloning scams could easily be stopped by Facebook/META implementing a message on new friend requests that reads “looks like someone named John Smith is asking you to be their friend. John Smith is already your friend. Just a heads up that this is a common scam tactic and this account is requesting from a VPN reporting to be in the Island Nation of Tongo.”
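The check suggested above can be sketched in a few lines. This is an added example, not Facebook's code and not part of the original post; the account ids, names and function names are constructed for illustration.

```python
import unicodedata

# Constructed sample data: existing friends, account id -> display name.
FRIENDS = {"id-100": "John Smith", "id-101": "Zoë Müller"}

def normalize_name(name: str) -> str:
    """Fold a display name so look-alike variants compare equal."""
    # NFKD splits accents from letters and maps compatibility forms
    # (for example fullwidth letters) to their plain equivalents.
    decomposed = unicodedata.normalize("NFKD", name)
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    # casefold() gives a case-insensitive form; split/join collapses whitespace.
    # Cross-script homoglyphs (Cyrillic "о" for Latin "o") are NOT handled here.
    return " ".join(no_marks.casefold().split())

def find_clones(friends: dict, requester_id: str, requester_name: str) -> list:
    """Return ids of existing friends whose name matches a request
    that comes from a different account."""
    if requester_id in friends:
        return []  # same account, so this is not a second profile
    wanted = normalize_name(requester_name)
    return [fid for fid, fname in friends.items()
            if normalize_name(fname) == wanted]

def friend_request_warning(friends: dict, requester_id: str, requester_name: str):
    """Build the heads-up text for a suspicious request, or None if it looks fine."""
    matches = find_clones(friends, requester_id, requester_name)
    if not matches:
        return None
    existing = friends[matches[0]]
    return (f"Looks like someone named {requester_name} is asking you to be "
            f"their friend. {existing} is already your friend. "
            "Just a heads up that this is a common scam tactic.")

if __name__ == "__main__":
    # A new account reusing an existing friend's name in fullwidth letters.
    print(friend_request_warning(FRIENDS, "id-999", "Ｊｏｈｎ  SMITH"))
    # A request from a name that is not already on the list prints None.
    print(friend_request_warning(FRIENDS, "id-998", "Jane Roe"))
```

Matching on the normalized name rather than the raw string is what catches a clone that changes case, spacing or accents to slip past an exact comparison.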