Facebook Online

My Facebook friends are getting messages I didn’t send – has my account been hacked?

Facebook Messenger
Double trouble: cloned accounts target Facebook Messenger

Chances are your Facebook account hasn’t been ‘hacked’, it’s been cloned.

‘Hacked’ has become something of a catch-all term in the mainstream media, used as a shorthand for any kind of computer attack. But if your friends are suddenly being plagued with Facebook Messenger messages from an account bearing your name and your photo, it’s unlikely the attackers have stolen your password and broken into your account. They’ve merely created a new account in your name, by scraping information you’ve made public on your Facebook profile.

How did they clone your account? Probably because you gave too much information away to complete strangers.

On your computer, go to Facebook settings, click Timeline and Tagging in the left-hand pane and next to ‘Review what other people see in your Timeline’ click View As. This will show your Facebook profile as it would appear to a complete stranger. If they can see all your photos, your friends and other personal information, you’re a soft target for the conmen.

Facebook settings

To clone your account, the con artist simply opens a new account in your name, using your current profile pic, and then starts hitting all your pals with friend requests. Some people will smell a rat when they receive another friend request from you; others will think you’ve temporarily de-friended them or maybe even have forgotten you were friends in the first place, and accept the request from the fake account.

In short order, the conmen will send your friends messages using Facebook Messenger, asking how they are, what they’ve been up to, and then post a tempting link, such as “Have you seen this?” or “Have you seen Facebook is giving away loads of cash if you enter this competition?”. If your friends click on that link, they’re in a world of pain, as it will either want them to hand over personal details or install something dreadful on their computer.

How to prevent Facebook cloning

The best way to stop the cloners is to tighten up on who can view your profile and personal information. Go into Facebook’s settings again and click the Privacy tab on the left.

Change ‘Who can see my stuff’ to only your friends, and change ‘Who can see your friends list?’ to Only Me. This will prevent complete strangers from being able to target your nearest and dearest (and even the bloke you went to school with 25 years ago, who you can’t abide).

Facebook settings

While you’re there, you might as well check you’re happy with the rest of Facebook’s clusterbomb of privacy settings.

If you’re still at all concerned your actual account has been hacked, change your password in the Security and login section and then, for good measure, turn on two-factor authentication. This will send a code to your mobile phone every time someone attempts to login to your Facebook account from a new device. So, unless the Facebook fiend has managed to steal your phone too, nobody can break into your account.

Finally, get your friends to report the cloned account to Facebook (by clicking on the Help icon and Report a problem). Although ask them to make sure they’re reporting the clone and not your actual account. Otherwise, you might find yourself locked out of your Facebook account after all…

Now read this: The BBC asked for loads of your Facebook data. What did it do with it?

(Top picture credit: Kārlis Dambrāns)

About the author

Barry Collins

Barry has scribbled about tech for almost 20 years for The Sunday Times, PC Pro, WebUser, Which? and many others. He was once Deputy Editor of Mail Online and remains in therapy to this day. Email Barry at barry@bigtechquestion.com.


Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • If Facebook doesn’t try to stop and remove these clones and we can’t talk to the “clown” without trying to friend them, what do we do?

  • I am done with facebook, just asked for my accounts to be deleted. Today has been utter hell. I got a post on my business facebook page that was a screenshot of what looked like me messaging a girl. She posted it all over sites around town and to my business facebook account. When i got a notification for the post is when i seen it and freaked out. Then tons of people started messaging it to my wife (luckaly i had already showed it to her and was trying to shut it down). About half the people understood the truth others told her i was lying. When i looked at my login activity it showed someone on the other end of the state and someone else on the other end of the country had logged into my account. I am worried this could do detrimental damage to my small business just so some hacker could get a laugh. I deactived my business and personal facebook accounts and asked facebook to delete them. As a struggling small business owner i cant have this kind of stuff happening.

  • How can messages from a cloned account show up in the inbox of the original account? That is totally impossible and your article is bogus. the ONLY way messages are being sent from your own account is because you visited a phishing website/link and it asked you to log in to see something and you did. then someone got your name and password and signed into your actual account and sent the messages. No, your account wasn’t hacked, and it wasn’t cloned. you gave someone your Facebook log in information. The best remedy is to change your password and in the future NEVER sign in w/ Facebook to view something. ESPECIALLY links sent in messenger.

  • Thanks for the helpful article! I must admit, I used bots and software (like cucomm) to automatically send messages to users on Facebook. Sometimes it is useful in promoting projects, but sometimes it makes others uncomfortable.

  • I recently locked and unfriended a guy who (I’ve known since 1984) has obsessivly been stalking me. I got a weird friend request through messenger from a mutual friend of ours who said she didn’t realize we weren’t friends any more and wanted to reconnect. She also said some unusual comments about my now boyfriend. I don’t think she sent it and the stalker has been known for creating many accounts and probably even cloning. Could that request come from him posing as my girlfriend?

  • I just recently started using FB promotion tools to promote my band. Then my wife found two messages to our page in messenger that appear as if the conversation was started from our account. Until we started using promotions, this had not happened. The outgoing messages to both users was the same and to the effect of “how can we help?”
    It should be noted that I don’t use messenger and I don’t even have the app on my phone. I would like to know if this has happened to anyone else.