Facebook: Be careful when accepting friend requests from people you know.

Problem Summary

We’re all familiar with the warning to be cautious when accepting emails or social media requests from people we don’t know. Now it’s important to use caution when accepting friend requests from those we do know. Here’s why.

  • Scammers will set up a fake ‘imposter’ Facebook account using your friend’s name and maybe two or three of their photos. Then they will send you a friend request.
  • Because the friend request comes from someone you know, you’re less likely to be skeptical about it.
  • Additionally, because a few of your mutual friends will already have been duped by the scam, the incoming request will show that you have several friends in common, which will further reassure you that it is legitimate.

At this point, the snowball effect begins. The people behind these scams seek to build massive databases of names and personal information for identity theft, social engineering, and hacking into accounts.

You and those you know who may have their Facebook content marked as ‘viewable by my friends and their friends’ are exposed to having all of that content and their lists of friends stolen and misused.

So, for this reason, be VERY careful when accepting friend requests on Facebook even from people you know.

What To Do if You’re the Target

If someone has set up an imposter account pretending to be you, don’t post a message saying “my account has been hacked” because then your friends won’t know which account to trust. Explain that your account hasn’t been hacked, but that someone set up a new ‘fake / imposter’ account in your name and that you’re reporting it. Then follow the instructions on this page to report it and have it shut down.

Identification and Prevention – 3 Easy Steps

Here are three easy steps to identify and prevent fake accounts. (source)

  1. Take a few seconds to look and see if you are already friends with that person. If so, the new one is likely fake.
  2. Glance at the profile for the person making the request. Does it look legitimate? Often the fake accounts have only a few simple posts.
  3. Communicate with the person making the request. Send a message: “Hi ____, I’m just making sure this is really you.” If they reply by telling you that Facebook is giving away a million dollars, it’s probably fake.

If it’s fake, take a moment to report it quickly before the scam spreads. Use the steps below.

How to Report and Shut Down Imposters

Because this is becoming a very prevalent problem, Facebook has improved the mechanism for reporting it. Follow the instructions shown below. In step 4 you can indicate whether someone is pretending to be you or someone you know.

[Image: how to report fake imposter Facebook accounts]

Further Reading

Here are some additional articles on the topic of Facebook safety and how to avoid Facebook scams.

Facebook has an official ‘how to report things’ page.

You can view all Facebook support requests in your support inbox, including reporting of user accounts.

On Facebook Use Caution When Approving Friend Requests

Today I received a friend request from someone on Facebook. Usually I would just click “Approve” and move on.

Yet, we only had one friend in common, and upon checking this person’s Facebook profile, it showed that they had only one post on their timeline (a poor quality profile pic), yet they were adding friends on Facebook at a furious rate. I couldn’t really find anything from a Google search on this person. It was as if they didn’t exist.

Many of the people who he friended are from my community — people I know, although we’re not Friends on Facebook.

I thought I’d spend a few minutes investigating this a bit, so I contacted some of the people (dozens added in the last hour) who had recently friended him.

Turns out none of these people really know anything about him.

Potential Harm

Here’s the danger in accepting friend requests too quickly:

  1. The person controlling the fake user account (a troll) gets access to your entire friend list.
  2. The troll or potential hacker sees your private timeline posts as if they are your friend or family member. They see things about you that you’ve set as not public and only viewable to friends or friends of friends.
  3. Because of your supposed friendship with this fictitious person, the troll then gains the trust of your friends, so when the friend request appears, your friends think they are a trusted and known individual. So, they accept the friend request, and the troll returns to step 1 above to become friends with everyone that person knows, and so on.

The goal of these people is to quickly build up a huge friends list on Facebook which can grow exponentially. These accounts are typically built up over time and then sold on the black market to spammers, advertisers, and hackers who attempt to use reverse social engineering to hack into Facebook accounts (and your other accounts) based on what they gather from your personal information online.

What You Can Do

While Facebook is usually a fun and safe online environment, it’s still important to be cautious.

  • Alert Your Friends. If you notice suspicious activity, tell the friends who have already friended a troll using a fake account.
  • Alert Others. Look at the list of people the fake account has friended. Some of them will be people you’re not friends with, but you have dozens of friends in common. In other words, they are likely legitimate users. You could also consider notifying them.
  • Notify Facebook. You can also contact Facebook about suspicious activity. Go to the profile of the person you suspect is fraudulently using Facebook. Click on the dots to the right of the Message button and choose Report to report the person. You can also Block them.

It’s everyone’s responsibility to help keep Facebook safe and secure through each person being careful about who they connect with.

UPDATE #1

Several hours ago, there was no Google image match on the Internet for the profile image that had been posted by the fictitious user. None. Now, a few hours later, that same image is showing up for multiple user accounts under different names on Twitter and other websites. On those sites, he’s also posted little or nothing, but is building friend networks.

UPDATE #2

Facebook took down the fraudulent user’s account within a few more hours of this post. Another victory.