Why do Facebook accounts get cloned?

Here we discuss why Facebook accounts get cloned, and what potential scams can occur if a criminal does manage to clone your Facebook account.

First, what is a Facebook cloning scam?

We’ve discussed the scam before, but in a nutshell it is when a cyber-crook creates a duplicate (clone) of a Facebook user’s account using information that is publicly available to them: namely, the profile picture and profile name (both of which are always publicly visible and cannot be hidden) and anything else the crook can find that is set to public.

But it isn’t the user who’s had their account cloned that’s the real target of this scam. It’s their friends. The crook is creating this cloned account to fool the user’s friends into accepting a friend request and subsequently falling for a scam.

The crux of this scam is getting the user’s friends to believe the cloned account belongs to the user and thus accept a friend request from it. The scammer uses the friends list of the account they just cloned to send out friend requests and to see who accepts.

Perhaps the friends think they were accidentally unfriended, or the user created a second account. Whatever the reason, once friends begin accepting the requests, any number of scams can then be perpetrated upon them.

This is why crooks clone Facebook accounts.



What types of scams can happen if a user accepts a “cloned” friend request?

Malicious Links

Once they manage to fool a user’s friend into accepting a friend request, the crook may have managed to put themselves into a position of trust. After all, we trust our friends on social media, more so than strangers. As such, the crook can now abuse that trust by sending links to malicious websites, either by chat or by posting them on their newsfeed.

The hope is that the friends of the cloned user will click on the links believing them to have been posted by their friend. This can be combined with any number of social engineering tricks – for example the “hey is that you in this video?” trick to lure a victim into clicking a link.

These links can potentially lead anywhere, including malware-laden websites, phishing websites or spammy marketing websites.

Confidence scams

In this case, the crook contacts the friends who accepted their friend request through Facebook chat (all the while posing as the friend), claiming they are in the midst of a crisis. This typically follows the theme of needing money urgently, for example a lost wallet while abroad. The crook asks the friends to send money so they can get themselves out of the crisis, with the promise of full reimbursement.

The friends send the money under the belief they are helping out a friend, when in reality they are sending money to the crook posing as their friend.



Advance Fee Fraud

The crook may communicate with friends of the cloned account over Facebook and trick them into believing they have won a large sum of money. This is called Advance Fee Fraud, and relies on a victim being tricked into handing over small fees in order to get a large payout, which, unbeknownst to the victim, doesn’t actually exist.

Phishing scams

Once the friend requests have been accepted, the scammer may change the name and profile picture of the account to “Facebook Security” and send messages to the friends of the cloned account posing as Facebook, providing links to spoof websites that steal a user’s login information when entered. Learn more about Facebook phishing scams here.

Avoiding cloning scams

Of course, to stop your own account getting cloned, hide your friends list from public view. (Find out how to do that here.) This prevents a criminal from knowing who to send friend requests to once they clone your account.

And to stop yourself getting targeted by cloned accounts, always be sceptical of friend requests from people you are already friends with. Always confirm outside of Facebook that the friend request is genuine first, preferably by phone or in person.

If your account gets cloned…

There is a great article on ThatsFake.com that details exactly what you should do if your account gets cloned. See it here.
