Facebook cloning

There have recently been a number of reports of Facebook cloning.

Facebook cloning is a scam in which the attacker copies the profile picture of a legitimate user, creates a new account using that person’s name, and sends friend requests to people on the user’s friends list. The exploit is often successful because many unsuspecting friends just accept the scammer’s requests, assuming that the actual user has created a new account for some reason or forgetting that they are already friends with that person.

The scam doesn’t require any advanced technical knowledge or skills because the user accounts aren’t actually hacked, just copied. Anyone on Facebook can see anyone else’s profile picture and copy the image. Furthermore, because of the nature and purpose of social networking, most people’s friends lists are public, which means that the attacker can see, and send a request to, any or all of the user’s friends.

The user’s actual account has not been compromised and their messages and other data are as secure as they had been, depending on their privacy and security settings. The risks involved with Facebook cloning fall on the user’s friends. Once the scammer has accessed enough of the victim’s friends, there are a number of ploys that may be attempted. The scammer may, for example, request emergency funds, pretending to be stranded somewhere while travelling, or try to get advance funds from the targets for some bogus future payoff. In other cases, the scammer may use social engineering tactics to convince targets to provide sensitive information, which can then be used for identity theft.

Several posts that frequently make the rounds claim that all or almost all Facebook accounts are being cloned, which is not the case. Nevertheless, account cloning is an actual threat. As with the burden of risk, the onus is also on the account owner’s friends to protect themselves from the exploit. The best way to prevent yourself from falling prey to Facebook cloning scams is to be careful about friend requests in general: Don’t automatically accept requests without checking out the requester’s profile and never accept unless the account seems valid. If you receive a request from someone who is already a friend, be doubly suspicious.
