CONTENTS
There is significant difference between being hacked and being spoofed (a.k.a. cloned) on Facebook. I often see people in a fear spiral when they don’t need to be, and after explaining the difference numerous times it finally occurred to me I could just do a blog post and then share the URL in the future. The spoofers get less of everybody’s time and attention.*
When Spoofing Has Actually Happened
Discovering someone’s been spoofed begins when a friend realizes something’s not right – they’ve received a friend request from someone they’re pretty darned sure they’re already friends with. The person spoofed doesn’t know unless someone tells them because spoofing / cloning is about fooling the friends, not the person being cloned.
When I get a suspicious friend request like this here’s what I do:
- I use Facebook search to find my friend’s profile and look at the URL for it. If at my desktop, I compare it to the URL for the account that’s made this new friend request. I see that they’re different. On a mobile device the URLs aren’t obvious, but I can see the new (cloned) profile has no recent activity that makes sense for the friend I already know.
- When I look at my real friend’s profile page, I usually already see posts from another friend saying, “YOU’VE BEEN HACKED! CHANGE YOUR PASSWORD!”
- And then usually there is a flurry of postings by the real person about all the mess and time spent on the infuriating, scary steps they are taking to secure their account.
- There is sometimes a friend winding them up into a fear spiral, and the person who is spoofed changes all their email passwords, their bank log ins, etc.
None of which is necessary and none of which takes care of the account that is pretending to be you.
Not that changing passwords from time to time is a bad thing. But in the case of Spoofing Internet Chicanery, it’s not necessary. However, for the sake of your friends, you should report the fake profile. It’s one of the few things Facebook quickly responds to.
How to tell the difference? Here you go.
When You’ve Been Hacked on Facebook and/or Messenger
Hacking on Facebook means someone has your password. Danger Danger Will Robinson! They are inside your account, and they can do anything with your account that you can do.
It’s possible they will reset your password so you can’t get into your Facebook or Messenger accounts.
Another tactic by bots is to log into your account, send the same spam message to ALL of your contacts, delete that message from your side of those conversations and then log out. Now all your friends have a virus-infected video or log-in phishing that is from the account they trust. Meanwhile, you have no record of it.
Another common behavior of a hacked account is that your account will suddenly begin tagging friends and posting pictures of spam advertisements. I see this most often with accounts that haven’t been used for years. (If an account has been abandoned you should block it.)
If any of these things happen, of course your friends will be alarmed, but they may not be able to use Facebook to reach you if you’ve been locked out by a password change. If you’re fortunate a friend will message or email you another way, or you’ll notice the activity yourself right away.
BEING HACKED IS A SECURITY EMERGENCY, especially if you’ve used that password on other accounts or you have set up any kind of payment system with Facebook, or used Facebook’s authentication to log into other accounts.
Immediately go to Facebook’s Hacked Accounts Help. Follow the directions. Change your passwords everywhere, especially email, banking, and credit card accounts. Keep an eye on your credit card transactions posted by your bank. And I am so sorry you’re going through this!
[Hackers can hide the fact that they have hacked you from you, so this is not meant to be an exhaustive response to detecting hacking in your account. This is just the highlights of common hacking behavior and where to go to resecure your Facebook account.]
When You’ve Been Spoofed on Facebook
Spoofing on Facebook means someone opened a new account and is pretending to be you. I see it happen probably once a week. It’s annoying but fairly harmless in terms of your Internet security. There are no posts you didn’t make on your own profile page, no messages you didn’t write yourself to your friends.
The cloned account is aimed at your friends. It’s a danger to all of them, especially if any of them are inexperienced in the Ways of Web Wickedness, like your Nana who is on Facebook just to see pictures of the grandkids. So you should deal with it in a timely way, but there’s no need to panic or napalm your existing password arrangements. Changing your password does nothing to a spoofed account.
Spoofers Don’t Have Your Password!
They’ve opened a new account, duplicated a few photos on your page to use n theirs, and they’ve copied your bio details. It takes literally just a few minutes to do. A visitor might believe that profile was the real you. It’s disconcerting to see, but there’s no reason to panic, change your passwords, or waste a lot of time worrying about it.
Their intent is to fool some of your friends into accepting a friend request, and then they will try to convince the friend (like your Nana!) to send money.
All it takes is one success to make it worth their while doing this to hundreds of people every single day. On the Facebook’s Hacked Accounts Help you’ll even see there’s a FAQ for “Someone is pretending to be my friend and is asking me for money.”
Steps to Take if You’ve Been Spoofed
- Change your profile picture to something very different and caption the photo, “Hey friends, I’m changing my profile picture for now because someone is pretending to be me.” Facebook gives new profile pictures huge exposure and a wide swath of your friends will see it.
- Also post a status update that says “There’s another profile on Facebook pretending to be me. Don’t send them money. Please block them. I’ve reported it to Facebook.” (You’ll still get posts from friends warning you that you’ve been hacked but now you know the difference, right?)
- Go to the thief’s profile and click the three-dot menu button and select “Report this profile.” Follow the instructions. When the person being spoofed reports it the thief’s profile is taken down much more quickly.
- Sometimes the thief takes the time to block the person they’re spoofing, making it harder for you to report their fake profile. Ask a friend for the URL of the fake to use in your report. And ask friends to make a report for you – this prompts Facebook to send you a security message asking if the report is true.
Steps to Take if a Friend has Been Spoofed (Cloned)
If you’re reading this because a friend is being spoofed, do this:
- Post on your friends wall/timeline and tag them in the post. “Hey so-and-so you’ve been spoofed, you should report it.”
- Include the URL of the faker profile so your friend can go right to it.
- Give them the URL for this blog if you think they might need it for reassurance. ( https://www.kallmaker.com/difference-hacking-spoofing-on-facebook/ )
- Do a report of your own. It’ll just take longer for Facebook to act on it. (Every once in a while, instead of allowing a report, Facebook tells you to message the friend instead. I have no idea why. Since you already did that you don’t need to do it again.)
- Return to the fake profile and delete the friend request. If offered the opportunity, mark it as spam. (Neither of my mobile devices offers this, but my desktop does.) Then using the three-dot menu again, block the profile permanently.
It will likely take a few hours to a day for the fake profile to disappear. Also, seriously, use the block function early and often. Times have changed – trust your gut.
Don’t Fear or Rage Spiral over Spoofing, Just Move On
That’s it. It’s annoying and disconcerting, but don’t give these asshats more of your time or energy than the situation warrants. Have a cup of tea. Read a book. As you were.
Discourage Future Spoofing
If you want to make your Facebook account less desirable to spoofers, consider making your Friends List private. Mine always has been and to my knowledge I’ve never been spoofed. Nor has this setting had any impact on the number of friend requests I get or my seeing the “people you may know” feature box. Thanks commenter Terry (@HelloMrWilson) for this safety reminder.
Tangentially, A Note about False Warnings via Spam Messenger Text
Are you here because you got this or a similar private Messenger text from a friend?
Resume your daily life, you haven’t been spoofed. The text is pure spam, and following the instructions turns it into a chain letter sent to every single friend.
Meanwhile, please take away this tip: If any message from any source includes instructions and pleading for you to forward it to all your friends, IT’S SPAM.
* The advice on this blog may apply to other social media platforms, but I haven’t gone through it with them. Also, this is only my advice. Go to that platform’s official Help area to get official Help. This post has been updated since its 2018 publication, including link checking.
Would you enjoy a novel about smart women who hate cheaters and frauds and like to hunt them down and put them in jail?
Related Topics
If you’re concerned about how apps you use and Facebook share specific data about you and what you watch, read, and buy via the web or another app, please check out my blog on Facebook’s new Off-Facebook Activity tool. Facebook moves the location of this process around, but it’s worth doing even if you have to hunt for it.
If you found this blog about Facebook Spoofing helpful, you also might find my blog about Infomercials and Credit Card Fraud helpful as well.
I also recommend this extremely thorough guide to protecting your privacy across many popular apps at VPNMentor.com. It’s from 2018, so might have dated links, but the advice is generally good, and it’s reassuring.
Copyrighted Material
