HOW SOCIAL MEDIA CLONING SCAMS WORK
Cloning accounts, also known as duplicate or copycat accounts, is not new, but the problem persists for a simple reason: Fake accounts are effective and easy to create.
Scammers simply copy your name, photo, and personal information to create an account that appears to be yours. Next, they scan your friend list and send friend requests to people you know. Because the request is seemingly from you, your friends and family are not only likely to accept it but may trust the impostor’s messages, which can include not only political rants but phishing schemes and links that download malware, as well as requests for personal information and, you guessed it, money.
“It may be something along the lines of I’m stuck in Europe, and someone stole my wallet. Can you please send me $100?” says Josh Kirschner, founder and CEO of Techlicious, a site that publishes reviews and articles on consumer technology. If a friend of yours receives that message and thinks it’s really from you, they might send that money.
Conversely, Kirschner adds, when you accept an impostor’s friend request, that person now has “a channel into your Facebook feed. They can start spamming your account. They can post links to fraudulent websites or send you information about Bitcoin investments or whatever it may be.”
Although cloning can occur on any social media platform, it seems most prolific on Facebook and Instagram. In the third quarter of 2024 alone, Facebook took action against 1.1 billion fake accounts, Statista reported in February.
If you’ve ever received a friend request from someone who’s already a friend — or had a pal message you, “Did you just send me a friend request?” — you’ve probably dealt with a cloned account. Here are some ways to fight back.
HOW TO IDENTIFY AND AVOID SOCIAL MEDIA CLONING SCAMS
1. Stop and think before accepting a friend request.
Any time you receive a friend request, make sure you’re not already friends. If not, consider calling, emailing, or texting the person to make sure the request is real.
Also, look at their friend list. “If they only have six friends or they don’t have any post history, that’s a red flag,” Kirschner says.
“Also consider whether the request appears odd, based on what you know about the person,” says Michael Sherwood, vice president of product at Malwarebytes, a cyber-protection software company.
“Maybe your mom is messaging you at 4:30 in the morning,” he says. “Ask yourself: Does this feel like a normal message?”
2. Hide your Facebook friend list.
Scammers clone Facebook accounts because they want to connect with your friends. To prevent your friend list from being public, go to Facebook and click on your profile picture in the upper-right corner of the page.
Next, select “Settings & privacy” followed by “Settings.” Scroll down to “Audience and visibility” and click on “How people find and contact you.” Where it says, “Who can see your friends list,” select “Only me.”
3. Make your posts private, too.
While you’re navigating Facebook’s “Audience and visibility” settings, also click on “Posts.” Change the setting so that your posts are visible only to friends. “If you post something publicly and your friends go in and comment or react, then scammers will be able to see your friends that way as well,” Kirschner says.
4. Choose the “Private” setting in Instagram.
You can’t hide your followers on Instagram as you can on Facebook, but you can still prevent scammers from spotting your people. Just go to “Settings and activity,” click on “Account privacy,” and make your account private. After that, only your followers can see what you share.
5. Limit your profile information.
Scammers can use the information in your profile—where you went to school, where you work, where you live—to not only create a cloned account but also to connect with potential targets. The fake – you might target not just friends but people who went to the same high school or work at the same company.
6. Know the difference between cloning and hacking.
You probably know someone who has posted, “If you get a friend request, ignore it — my account has been hacked.” But if someone stole your username and password and logged in as you, they wouldn’t need to send out friend requests.
“A lot of people get their account cloned, and they think they’ve been hacked, and they’ll start changing their passwords,” Kirschner says. “But it’s not hacking if no one’s stolen your password or your ID. It’s simply a fake version of your account. Your original password and login are still fine.”
7. Report cloned accounts.
Facebook and Instagram both allow users to report cloned accounts. One catch: “A lot of times when people clone accounts, they will actually block you so you can’t see their account, which prevents you from reporting it,” Kirschner says. If you can’t see it, ask your friends to confirm the cloned account’s existence and report it to Facebook or Instagram.
