Cloning Facebook Profiles

Facebook-ClonedThis story is a few weeks old but I only got wind of it in the last day. A bit of background for those people who may not have heard: scammers have taken to cloning Facebook profiles, a process that’s actually relatively easily and could very well be automated. Basically, a new Facebook profile is created with the same photos and names of an existing profile. All publicly available information can be copied across including Likes, Contact details, Work and School information, and even Notes. The scammer then sends friend requests to the original person’s friends. These friends may get a little confused as to why someone who’s already on their friends’ list is refriending them but should they accept, the scammer now has an in and can, if the friendship is a trusted one, extort money from these new friends.

Of course, scammers can get pretty crafty. It’s possible to block another profile even if they aren’t a direct friend. So a scammer can clone your profile, block you, and you will never know of their existence. This means they can comment on the same post you have commented, immediately after you, extending your words for their own purposes and you will not know it. This becomes an issue if, for example, you’ve just mentioned your recent car service and the scammer follow that comment up with “Please can someone lend my some cash to tie me over until month end” or something similar.

Of all the friends I have on Facebook, there are around less than 5 that I’ve never actually met in the real world. And my friends are pretty good about connecting with me on alternative means when I’m in a bad place so nobody I know, I reckon, would be duped into parting with a few Rand by a cloner. On the other hand, anybody who clones me would be very able to spread misinformation and potentially paint a horrible online picture of me. Potentially. They’d really have their work cut out for them with all the already dodgy photos and info about me already on my actual profile.

While I really enjoy having an online persona, it’s not tied to the real me and I’d like to think that I wouldn’t get overly distraught by the intentional defacing of my good name. But what about the people whose social media personas are intricately tied in to their self-worth or their career. Public defamation can cost much more than a measly amount of scammed Rand. And that’s what a cloned scammer has the power to do. Which is possibly a good reason to block your enemies on Facebook before they block you.

And since we’re on that thread, what could the average Josephine do to protect themselves from being cloned?

Of course, there’s the basic awareness. Don’t accept random friendship requests. Don’t give access to apps and websites unless you know that they’re trusted and you know what they’re going to do with your information. Be aware of what information an app or website is requesting; does that new online game really need access to all your photos, for example.

Facebook Friends Privacy

(click/tap to enlarge)

Beyond that, check your privacy settings. Unless it’s a personal vendetta, the only reason a scammer would want to clone your profile is to be able to con your friends into connecting with them (so as to elicit something out of them down the line). Which means they need to be able to see your Friends List in the first place. Personally, I’ve got my Friends List viewable to Friends of Friends which is more secure than having it open to the public but there’s no guarantee that the scammer isn’t already connected to one of my friends. The safest bet would be to turn your Friends List privacy to “Only Me” and you can set it by finding your Friends on the left column of your Facebook Timeline and click the little edit icon on the top right of the box.

Hiding your friends list from everyone is safest but also counter productive to the nature of a social network. When somebody sends me a friend request and I don’t recognise them, my first check point is who are our mutual friends. If their friends list is hidden from me, I can’t check this which means their request gets ignored.

So what’s the solution?

We simply have to exercise the same caution that we express in the real world as we do in the online world. Be wary of what information you do share and with who you share it. Don’t make Facebook the online point of communication with friends. It should be fairly obvious but, apparently, it isn’t. Scammers can be clever and use appropriate emotional influence to get what they want but just like you’re not going to fall for a 419 scam, you won’t fall for your best friend requesting urgent funds from you via Facebook. Well, at least, I hope not.