CYBER BLOG: Facebook Account Clone


Over the last few days I have seen an increasing number of posts on Facebook that either claim hackers are cloning Facebook accounts or are from people who say that their account is sending out friend requests from fake accounts. The posts claim that ‘almost every account is being cloned’. A few years ago this was a popular way for attackers to try to spread malware among lots of people. The attackers would take your profile and cover pictures, create a new account and send friend requests to everyone on your friend list. Once people started accepting the friend requests from the ‘new’ account, the attackers would then send messages to those people with links to phishing sites or sites that contained malware. I have no evidence that this type of activity is again under way, other than this increase in posts about it. There are, however, a couple of simple steps that you can take that will reduce the likelihood of your account being cloned in this manner.


The first thing to do is to look at your privacy settings on Facebook. Go to Settings, Privacy and then check to see who can view your Friends list. Make sure that this is set to, at the very least, Friends. This means that only people who are already friends of yours can view your list of friends. If someone is trying to clone your Facebook account, they will not then be able to send requests to your current friend list. This type of scam works because the attacker is trying to build trust before making the victim click on a malicious link.

Also in that section, check the other settings to make sure that you are comfortable with the choices that you have previously made around how people can either find you on Facebook or contact you on Facebook.

The other important thing to do is to select the Limit Past Posts option. This allows you to change the privacy setting of posts that you have previously made on Facebook. When you post a new Profile or Cover picture on Facebook, these are public by default. When you change your picture, the old profile and cover images are still set as public. This is the section where you can change the privacy setting so that they are no longer public.

Although these steps will not prevent someone cloning your account as such, they will make your account less attractive as a target for someone wanting to do that. As I said previously, the whole point of cloning an account is to build trust with people before making them click a link. If the attacker cannot see who your friends are, then they will not be able to ‘make friends’ with your current friend list. People are naturally more suspicious of people that they do not know, so they are less likely to click on any links.


Gerry Grant, Chief Ethical Hacker

For more advice on cyber security, contact [email protected]

