It’s a notification we’ve all received: a friend request from someone you thought you were already friends with. Your heart might sink – has your friend been hacked? Are you about to be scammed? Before you hit “Accept” or start worrying, let’s break down the difference between a “Cloned Profile” and a “Hacked Account,” and why one is much easier to fix than the other.
The Clone: The Identity Thief
A cloned profile is the most common trick on Facebook. This isn’t high-level hacking; it’s actually quite lazy! A scammer simply saves your profile picture and copies your “About” info to a brand-new account. They then start adding all your friends, hoping a few people will think, “Oh, I must have unfriended Lucy by accident,” and accept the request.
Once you accept, they usually send a message: “Hey! I’m in a bit of a rush, can you help me with a quick favour?” or “Look at this video of you!” followed by a link.
- The good news: Your friend hasn’t actually “lost” their account. Their real profile is perfectly safe.
- The fix: Do not accept the request. Instead, go to the fake profile, click the three dots (…), and select “Report Profile” for pretending to be someone else.
The Hack: The Locked Door
A hacked account is different. This is when a scammer actually gets hold of a person’s password and locks them out of their own profile. They can then post on their timeline or message friends directly from the real account. This is rarer but more serious because the scammer has control of the person’s photos and private messages.
Why You Should Never “Just Click”
Whether it’s a clone or a hack, the goal is always the same: to get you to click a link. These links often lead to fake login pages that look exactly like Facebook or Amazon. If you enter your details, they’ve got you.
The Golden Rule: If a friend sends you a link out of the blue – especially if it’s accompanied by a message like “Is this you in this video?” – stop. Does this sound like them? If your Auntie June suddenly starts talking about “Crypto Currency” at 2AM, it’s probably not Auntie June.
How to Stay Safe
Before you click anything or panic, try these three steps:
- The Reality Check: If you get a duplicate request, search for that friend in your current list. If they are already there, the new one is a clone. Delete it and move on.
- The “Side-Step” Message: If a friend sends a weird link, don’t reply to it. Instead, text their mobile or give them a ring. Ask: “Did you just message me on Facebook?” Usually, the answer is a very confused “No!”
- Check the Link Preview: As we discussed with QR codes, look at the link before you click. Does it say facebook.com/… or does it look like bit.ly/xyz123? If it looks messy, stay away.
Your Best Defence: Two-Factor Authentication (2FA)
2FA is the single best way to prevent your account from being hacked. It means that even if a scammer guesses your password, they can’t get in without a special code sent to your phone.
To set this up, go to Settings & Privacy > Settings > Accounts Centre > Password and Security. Tap Two-factor authentication and follow the prompts to link your mobile number. It’s a tiny bit more effort when you log in on a new computer, but it makes your account much more secure.
A Note on Your Own Privacy
Scammers love public information. One reason clones are so successful is that many of us leave our “Friends List” open for anyone to see.
Go into your Facebook Settings > How People Find and Contact You, and change “Who can see your friends list?” to “Friends” only. If a scammer can’t see who you know, they can’t target them.
I hope this helps take the stress out of your notifications. If you’re worried your account or business page isn’t secure, I’m always happy to help.
