It’s happening increasingly often. I’ll receive a “friend request” from someone who is already my Facebook “friend”. I review the profile, and it looks almost identical to my existing Facebook friend’s profile with one big exception: There’s no history other than today when a profile photo and cover photo were added that match the ones my existing Facebook friend has.

That’s your first clue that this Facebook account is CLONED and was NOT created by the person you think it was. (Warning: Sometimes someone will create a new account if they got locked out of their original account and couldn’t recover it, but that’s rare).

The second clue is to look at the profile of the person you already have as a Facebook friend. See if their account is active and also if their friends list is PUBLIC (meaning you can see ALL of their friends). If so, they have set themselves up to have a hacker/spammer CLONE their profile to get access to their friends.

If your friends list is PUBLIC, ANYONE can see who your friends are and can send them a friend request as YOU once they have cloned your profile

Unfortunately, many people don’t pay attention and just assume either they weren’t already friends with the person, or the person had to create a new profile, so they just say “yes” to the friend request.

Why would a scammer want to do this? There are several reasons that I can think of off the top of my head. Once the scammer has “friended” you, they can:

• Send you a private message with a fake story just like the old email scams where someone says they are stranded without money and are asking you to send money to them
• Scan your profile (since they now have full access to it) for personally-identifiable information that will allow them to do identity theft
• If that info isn’t in your profile, they can PM you and ask you for private information that could possibly help them do identity theft
• Send you links in a private message or post to your timeline links that contain viruses or cause you to send out spam on their behalf
• Steal your private photos (including those of your children) and use them for nefarious reasons
• If your phone number is listed in your profile, they will steal the number to sell to telemarketers

That’s just a few off the top of my head.

How Do You Keep Hackers/Spammers from Cloning Your Account?

It’s so simple, but 90% of the people don’t do it.

Make your friends list PRIVATE.

If your friends list is PRIVATE, then spammers/hackers who are not friends with you won’t know who your friends are, so you are of no use them in terms of cloning your profile. They clone your profile so they can impersonate you and get access to your friends, so if you take your friends out of the equation, you will no longer be a target.

Simple, huh?

Here’s how to make your friends list private:

I haven’t found a way to do this on the mobile app, so log into Facebook on your desktop computer. Go to your “profile” page by clicking on your name at the very top of the page in the blue bar. Once you’re on your profile page, look to the left-hand side. You’ll see a box that says “Friends” and has all your friends listed. At the upper right-hand corner of that box is a little down arrow. If you click it, you’ll see a popup that says “Edit Privacy”.

Click that little popup, and change the privacy setting to “Only Me”.

That’s it. You have now protected yourself from being a target for spammers/hackers who clone sites to get access to friends lists. Now when one of your friends looks at your profile page, the ONLY friends they will see listed are any friends you have in common. They won’t see any others. But most importantly, spammers/hackers will see NO FRIENDS.

By the way, the spammers/hackers don’t need access to your account to clone it. Your cover photo and profile photo are usually public unless you specifically set your profile photo to private. All they need is to be able to SEE your photos and your public friends list and they’ll have everything they need to clone your profile. Because of this, you should feel safe that your password was probably never compromised. More than likely, they never had access to your account directly. You can change your password if you’d like to (and it’s generally a good idea to do that periodically), but it’s probably not necessary in this case.

Please tell all of your friends about this tip and have them protect themselves.