Someone receiving a second friend request likely doesn't mean you've been "hacked" - here's what it means and how you can help protect your account
Vicky Wu Click to Tweet
I think we’ve all experienced this at least once – a friend messages you to let you know they received a second friend request from you. And then the really scary news – they tell you that your account has been hacked!
But … don’t worry too much (yet). Your account doesn’t need to be hacked for someone to use your name and grab your profile photo to make a second fake profile.
However, they can be using this fake profile and the connections with your friends to try to undertake some “social hacking” in the future – either on your friends or you.
So you DO want to fix this … or if it hasn’t happened to you yet, even more important prevent it.
And no, we aren’t part of Facebook and have no affiliation with them other than the marketing we do on social media for our clients – we can’t see your account or fix it for you (that requires you logging in) – but we know these tips work because we’ve helped some clients make the same fix.
Also – if you’re an entrepreneur or business owner – since that’s who our blog is designed for – maintaining control over what people think you’re posting can be even more critical since social media can be an important part of your digital marketing mix – learn why.
When we say you likely weren’t “hacked”, what we mean is someone didn’t need to steal your Facebook password or anything like that to be able to send a second friend request to your friends. You probably don’t “need to change your password” like your friend also likely told you (although it’s not a bad idea, just to be safe).
Here’s what they sometimes do:
- They send you a friend request which you accept.
- Then, if your friend list is visible to them, they will save your profile image.
- They open a new account with “your name” and use your profile image.
- Then they will send friend requests to all of the friends on your list.
If your friend list is visible to the public, they don’t even have to send you a friend request first. They can just see your list of friends without being connected to you, and start sending requests immediately.
See how to help prevent this in the future below.
Why scammers make fake accounts
The most common is that they want to spam all of your friends with ads. Or post “click bait” posts, propaganda, or fake news to get people to click (sometimes to stir up controversy – in your name), and sometimes share links that can take them to a site infected with a virus.
A more sinister reason is for what we call social hacking or social engineering.
Social hacking is impersonating someone who is directly or indirectly known to the victims, done through pre-meditated research and planning to gain victims’ confidence. Social hackers take great measures to present overtones of familiarity and trustworthiness to elicit confidential or personal information.
So you may not be the end target – it could be one of your friends. Or you might.
This fake account may start interacting with your friends to learn as much as possible about you in order to find out information – such as information you’re answering in some of those seemingly benign “quiz” posts or random questions like “I love my dog – what was your first pet’s name” … which is a common security question that you may have set up on various accounts. This type of “social” information may let them access your real Facebook, your email, your home address, your bank accounts … etc.
They could also simply try to find out something like “mother’s maiden name” by looking through your friend list, finding a relative, then looking through their friend list, to try to find a last name that may be correct. That’s also often a security question answer.
One Step Everyone Should Do Now to Prevent This
How you can make your profile less appealing to the scammers
Basically – if they can’t access your friend list, your account will be less appealing. Not always, but for the most part.
If they can’t find your friends to send a request to, it makes their scammy job hard.
So here’s how you can lock down your friend list so that only you can see it:
- On a desktop, log into Facebook and click the dropdown arrow icon on the far right of the top menu
- Click on Settings & Privacy and choose Settings
- In the section titled “How People Find and Contact You” you will see an option for “Who can see your friends list”
- Click the Pencil icon / edit link on the right
- Using the dropdown arrow, change the group who can see your friends.
- Choose “only me” if you want your list to not be accessible to anyone who is not you (or not logged into your account). This is the setting I recommend, since you may accidentally accept a friend request from a scammer at some point, and you don’t want them to have access to your friend list.
- Friends only will let all of your friends be able to see your list, which may not help you in this situation. You can accidentally accept a friend invite from a scammer, and now that they’re a “friend” they can see everyone else on your list and start friending them from a second fake account.
- I have mine set on Custom, for only those accounts that I have added to a special list. This works if you already have a list set up (or set one up that you can then add people to). My list only has about 10 people, and it’s family that I personally know and know that I have the correct account added as a friend.
- Nothing else to do here, it saves automatically.
You likely set up the privacy on your friend list way back when you first joined Facebook. For me, that was 2006. I have no idea what options I may have chosen in 2006. That’s why it’s always good to undertake periodic privacy checkups on ALL of your accounts.
What to Do NOW if Someone Has Already Done This
The very first thing you want to do if you find that someone has impersonated you is to report the fake profile. Then, ask your friends to report the profile as well. Having the link to the exact imposter profile will hep you here.
Facebook is usually pretty quick and good about removing fake profiles.
Not sure if a fake profile has been made of you? Do a search for your exact name on Facebook, and see if one comes up with your photo.
Are You an Entrepreneur? This impacts you more.
Making sure your social media is tightly controlled can be even more important when you’re a business owner.
You are usually the face of your business.
What you communicate – on social media or anywhere else – can give prospects an idea about your business. This includes any time they THINK it’s you sharing a message even if it’s not you – which includes any time a scammer who has made a fake profile of you is making posts that you aren’t aware of.
Just imagine any issue that you have a personal stance about — religion, politics, abortion, environment, sex, drugs, guns, LBGTQ — heck even less controversial topics today can offend someone. There are plenty of issues on “one side” of any argument that can easily inflame people on the “other side” of the argument.
Now imagine a scammer has a fake profile and is posting things that are the opposite of what you believe. Maybe you profess your Christianity and the scammer is posting atheist messages. Maybe you a pro-gun and the scammer is posting anti-gun messages. Maybe you are a supporter of LBGTQ because you have a friend or family member that you are supporting and the scammer is posting homophobic messaging.
Making sure that you’re actually the one controlling the narrative in your digital marketing when you are an entrepreneur becomes even more important – which means that it’s also more important for you to make sure your social media profiles are less appealing to those scammers who may want to pretend to be you.
One of the things you can do on most social media platforms is simply search your name and see if there’s another profile that has your image. You can do this for your business as well. That’s one quick way to check.
I also set up Google Alerts for the owner name and business name for most of the marketing clients that we work with – those types of alerts can sometimes be the first spot you find out something has been posted about your business. Using Google Alerts is always a best practice for your digital marketing.
Our blog is FULL of marketing strategy and advice for entrepreneurs. We specialize in all areas digital marketing including social media. Check some of the Facebook posts below, or learn more about our social media management services for business.
How Do I Know When I’m Ready to Start Marketing? | Marketing Q&A
Entrepreneur Question: I don’t have everything ready yet for my marketing, how do I know...
Read MoreHow do I deal with people causing problems on my Facebook page? | Marketing Q&A
Entrepreneur Question: I recently offered advice to someone needing help with a person who was...
Read MoreLeveraging Social Media for Business Growth: Strategies for 2024
Social media stands as a cornerstone for business growth when it’s done well. As the...
Read More