Facebook account cloning is a simple scam – but it’s easy to be fooled by it. A scammer will make a copy of your real account, using your Facebook profile photo and other public information, to trick your friends with scams or spam that seem to be coming from someone they know and trust. The scammer may use the cloned account to convince your friends to send money, to collect passwords or other information, or to spam them with posts and messages for sketchy sites. For example, the cloned account could message your friend saying they need cash to handle some emergency, such as being mugged and needing funds to get back home.
You may think your friends are too smart to fall for a scam like that, but because these requests appear to come from you, they may respond without thinking. That's why I recommend double-checking any new Friend requests from people you're already Friends with on Facebook before accepting. If you're friends in real life, they won't mind you contacting them outside of Facebook to confirm.
The good news is that account cloning isn’t a hack or an exploit – your Facebook password is still safe and your account hasn't been compromised. But being the source of scams and spam for your friends is probably not the position you want to be in. So, I have advice for how to tell if your account has been cloned and, more importantly, how to prevent it from being cloned in the first place.
How do I know if my Facebook account has been cloned?
You can search Facebook for your name to see if there are other accounts pretending to be you, but this often isn't very helpful. Someone else on Facebook likely legitimately shares your name. While you can do this to look for duplicates, not every result will be someone maliciously cloning your account. Scammers are also clever enough to block your real account from seeing the cloned account so you can't find and report it.
You're far more likely to discover your account has been cloned after the fact. Before a cloner can scam your friends they have to send a friend request from the cloned account, which can set off red flags for the security savvy. If your friends accept the friend request without thinking, they'll start receiving messages that may not sound like you. When a friend tells you they’ve gotten a friend request or a suspicious message, that could be a sign your account has been cloned.
What should I do if my Facebook account has been cloned?
Facebook doesn't allow accounts to impersonate others. If you find a cloned account, you and your friends should report it to Facebook. Just go to the cloned profile and:
- Click the "…" icon in the upper right of their profile page.
- Select "Find support or report," "Pretending to be something," and then "Friend."
- Follow the instructions onscreen to report the account for impersonating you.
Once you’ve reported the page, post to your timeline and tell friends not to accept new friend requests from you, and to ignore any messages that might be scams.
How can I avoid Facebook account cloning?
Avoiding your account being cloned and protecting your friends from the associated scams and spam is really simple to do. The key is hiding your Facebook friends list. Anyone who clones your account will use your public friends list as a list of targets. But if your Friends list is private, it's much harder for them to come up with the list of your friends and family to target.
I have my friends list hidden and I advise everyone I know to do the same. Hiding your friends list only takes a few quick clicks and I'll walk you through it in my story on How to Hide your Friends List on Facebook.
How do I know if my Facebook account has been hacked rather than cloned?
When your account is cloned, someone on Facebook is pretending to be you. But when your account is hacked, someone has gained access to your Facebook password and is actually using your Facebook account to be you. The most obvious signs of hacking are spam posts from your real account or being locked out of your account entirely. It's also possible that someone has hacked your account using stolen credentials but has not yet taken any action. To confirm whether your Facebook account has been hacked, you can check for any unusual logins:
- Open Facebook from your web browser.
- Click your profile photo in the upper right to open the menu, then select "Settings & privacy."
- Select "Settings."
- In the "Your activity" section in the left-hand column, select "Activity log" and then "Where You're Logged In."
- The "Where You're Logged In" section tells you every device logged on to your account and when they last logged on. Review each login to decide if it's you.
If every login was you, then you have nothing to worry about. Unrecognized logins are not a sure sign you've been hacked (you may have simply logged in on a family member's device or an old phone and forgotten about it), but you can make sure you're protected by following the steps below.
What should I do if my Facebook account has been hacked?
If you don't recognize a login, click on the menu (three dots) for that login and choose "Log out." This will boot out the possible hacker. After that, change your password and set up two-factor authentication for extra security:
- Open Facebook from your web browser.
- Click your profile photo in the upper right to open the menu, then select "Settings & privacy."
- Select "Settings."
- In the Meta Account Center box, select "Password and security" and then select "Password and security" again on the Meta Account Center page. There, you'll find the options for changing your password and enabling two-factor authentication.
Even if you haven't been hacked, turning on alerts for unrecognized logins is a good idea. When it's enabled, Facebook will tell you if an unrecognized device logs onto your account, so you'll know immediately if a hacker has access to your account. On the Meta Account Center page, you'll also find the option for "Login alerts." I recommend selecting both in-app notifications and at least one email address.
Unfortunately, when your account is hacked, the hacker usually changes your password, email address, and phone number, making it very difficult for you to access or recover your account. If this happens to your account, Facebook has an account recovery process you need to follow to regain access. Anecdotally, we've heard mixed results from readers on whether Facebook is able to assist them to get back in, but there is no alternative method.
Updated on 5/28/2024 with current instructions on how to change your settings.
Elizabeth Harper is a writer and editor with more than a decade of experience covering consumer technology and entertainment. In addition to writing for Techlicious, she's Editorial Director of Blizzard Watch and is published on sites all over the web including Time, CBS, Engadget, The Daily Dot and DealNews.
From Heather DiCosmo on April 09, 2019 :: 3:32 am
I’m not sure why I’m seeing another person’s FB profile pic & his friends every time I try to log in to my account. I’m not a hacker, I’m not sure what’s going on here. Can someone please help me resolve this bc I don’t want anyone seeing my personal private stuff or my accounts or pictures.
From Josh Kirschner on April 09, 2019 :: 11:14 am
Are you seeing someone else’s pic before you log in or after you log in? If it’s before you log in, that’s just because that person used your device to log in to Facebook previously. You can change that by clicking the X in the corner of the picture to “Remove account from this page”.
If you’re seeing someone’s picture after you log in, are you sure you’re logging in with your credentials and not someone else’s credentials that were saved on your device and are being autofilled during the log in?
From Lia on January 08, 2021 :: 4:57 am
It’s possible that that other account has used the device you are trying to log in from, i.e., you bought a used phone or used computer that wasn’t properly wiped, or you are on a public computer.
Try clearing your cache and deleting your cookies, and see if that helps.