I’ve discussed this before, but I’m bringing it up again because this seems to be persistent issue with folks I know. I’ve know people who shut down accounts believing they were hacked when they actually haven’t been compromised at all.
Let’s talk about an important distinction when it comes to misuse of your social media or email accounts: the distinction between being hacked and being cloned or spoofed.
For example, someone who is already your friend on Facebook gets a friend request from someone pretending to be you. Or you receive a friend request from someone pretending to be an existing friend.
Perhaps a friend receives a spam or scam email that purports to be from your email address. Or you get a complaint about emails of this type coming from your address.
Your first thought might be that you’ve been hacked. When an account is hacked, that means a bad actor has gained access to the account. It could be an individual who somehow obtained your private information. It is more likely it’s an automated program or a large organization dedicated to scamming that accessed that information through your bank or from a store where you used a card to pay.
But here’s an important thing to know. Facebook does not allow you to send friend requests to people who are already your friends. A friend request by you to someone you’re friends with cannot originate from your account. The same is true if you receive a request from someone you’re already friends with. It cannot come from their account. That means the Facebook account in question has not been hacked or compromised. No need to rush and change your password. What’s happened in these cases is that a scammer has cloned the account. They’ve stolen your name and your photo. And used it to create a new fake account.
Most of the time, it’s not an individual but an automated program or a room full of professional scammers working in a foreign country. There’s not much you can do except report the fake account to Facebook.
If someone receives a suspicious message from you, here’s how to find out if it was actually sent from your account, click the message icon at the top of your browser. If any messages have actually been exchanged with your friends, you’ll see them there.
If you don’t see the exact messages your friends received, it didn’t come from your account. If you do see the messages, changing your password will prevent further access to your account.
Your friends should report these suspicious messages to Facebook so Facebook can shut these creeps down.
The same holds true with emails that appear to have come from your account. Check your Sent folder to see if the messages are there. If you don’t see the messages, it means scammers have spoofed your email address. That just means they’ve altered the email to make it appear the message came from you when it did not.
If the messages are in your inbox, you’ve likely been compromised by some sort of malware. Change your email password and immediately run a security program.
By the way, here’s how you can report a request from a fake friend.
Instead of accepting or deleting the friend request, choose the three-dot menu for more.
Choose Give feedback or report this profile.
I selected Pretending to be someone but Fake account would be accurate as well.
Then it asked who the faker was pretending to be. Type in the friend’s name (or your name if it’s you.)
You’ll be able to select from your current friends list.
Facebook will then look into the account. They are usually removed within a day or two.