Facebook Online

My Facebook friends are getting messages I didn’t send – has my account been hacked?

Facebook Messenger
Double trouble: cloned accounts target Facebook Messenger

Chances are your Facebook account hasn’t been ‘hacked’, it’s been cloned.

‘Hacked’ has become something of a catch-all term in the mainstream media, used as a shorthand for any kind of computer attack. But if your friends are suddenly being plagued with Facebook Messenger messages from an account bearing your name and your photo, it’s unlikely the attackers have stolen your password and broken into your account. They’ve merely created a new account in your name, by scraping information you’ve made public on your Facebook profile.

How did they clone your account? Probably because you gave too much information away to complete strangers.

On your computer, go to Facebook settings, click Timeline and Tagging in the left-hand pane and next to ‘Review what other people see in your Timeline’ click View As. This will show your Facebook profile as it would appear to a complete stranger. If they can see all your photos, your friends and other personal information, you’re a soft target for the conmen.

Facebook: view as public
You can see how your account looks to strangers

To clone your account, the con artist simply opens a new account in your name, using your current profile pic, and then starts hitting all your pals with friend requests. Some people will smell a rat when they receive another friend request from you; others will think you’ve temporarily de-friended them or maybe even have forgotten you were friends in the first place, and accept the request from the fake account.

In short order, the conmen will send your friends messages using Facebook Messenger, asking how they are, what they’ve been up to, and then post a tempting link, such as “Have you seen this?” or “Have you seen Facebook is giving away loads of cash if you enter this competition?”. If your friends click on that link, they’re in a world of pain, as it will either want them to hand over personal details or install something dreadful on their computer.

How to prevent Facebook cloning

The best way to stop the cloners is to tighten up on who can view your profile and personal information. Go into Facebook’s settings again and click the Privacy tab on the left.

Change ‘Who can see my stuff’ to only your friends, and change ‘Who can see your friends list?’ to Only Me. This will prevent complete strangers from being able to target your nearest and dearest (and even the bloke you went to school with 25 years ago, who you can’t abide).

W

Facebook privacy settings
Keep your friends list to yourself

While you’re there, you might as well check you’re happy with the rest of Facebook’s clusterbomb of privacy settings.

If you’re still at all concerned your actual account has been hacked, change your password in the Security and login section and then, for good measure, turn on two-factor authentication. This will send a code to your mobile phone every time someone attempts to login to your Facebook account from a new device. So, unless the Facebook fiend has managed to steal your phone too, nobody can break into your account.

Finally, get your friends to report the cloned account to Facebook (by clicking on the Help icon and Report a problem). Although ask them to make sure they’re reporting the clone and not your actual account. Otherwise, you might find yourself locked out of your Facebook account after all…

(Top picture credit: Kārlis Dambrāns)

About the author

Barry Collins

Barry has scribbled about tech for almost 20 years for The Sunday Times, PC Pro, WebUser, Which? and many others. He was once Deputy Editor of Mail Online and remains in therapy to this day. Email Barry at barry@bigtechquestion.com.

2 Comments

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • If Facebook doesn’t try to stop and remove these clones and we can’t talk to the “clown” without trying to friend them, what do we do?

  • I am done with facebook, just asked for my accounts to be deleted. Today has been utter hell. I got a post on my business facebook page that was a screenshot of what looked like me messaging a girl. She posted it all over sites around town and to my business facebook account. When i got a notification for the post is when i seen it and freaked out. Then tons of people started messaging it to my wife (luckaly i had already showed it to her and was trying to shut it down). About half the people understood the truth others told her i was lying. When i looked at my login activity it showed someone on the other end of the state and someone else on the other end of the country had logged into my account. I am worried this could do detrimental damage to my small business just so some hacker could get a laugh. I deactived my business and personal facebook accounts and asked facebook to delete them. As a struggling small business owner i cant have this kind of stuff happening.

%d bloggers like this: