I don’t know how long this has been going on, but I know a friend of mine was hit today, and it occurred to me how easy it would be to work this particular scam.
She feared she had been hacked, changed her password on Facebook and warned all her friends to change theirs, just in case.
Of course, changing passwords frequently is always a good idea, and certainly won’t hurt anything. It’s just that this particular scam doesn’t require anything but social engineering, and maybe not even that.
Here’s what happened: I got a friend request on Facebook from someone with whom I was already friends. I thought it a bit odd, but it was her current profile picture, and so I thought that perhaps she had been unfriended accidentally and was just re-establishing. (I’ve had a few friends to whom that has happened in the last couple of months. I take them at their word that it was an accident and not irritation with me.) So I accepted.
For me, that was the end of it. But others apparently received spammy posts and attempts at conversation that revealed the “new” friend to be an impostor.
In retrospect, easy enough. Profile pictures, by their nature, are public. It’s trivial to copy someone’s profile picture and set up a new account using that person’s picture and name (but with the scammer’s email address).
If the “real” account has their friends list set so that it is publicly available, the scammer will then start sending friend requests to the people on that list, a large percentage of whom will accept. The scammer that targeted my friend was clumsy, sending obviously spammy messages, but with a little more sophistication, s/he could easily have tricked my friend’s friends into revealing personal information that could then have been used against them.
The default on friends lists is for them to be visible to other friends. Some people on Facebook routinely accept friend requests, on the theory that it’s a casual acquaintance, a student, a co-worker, etc. As soon as that request is accepted, the new “friend” can see all of the rest of the list.
It’s impossible to prevent someone from impersonating you, but you can avoid making it easy for them to take advantage of your friends. Change the settings on your friends list.
If you already know how to do that, go do it now. If you don’t know how, watch the video I put together for you. You can view it at the top of this post, or go here.
My friend also offered the following instructions on how to report the vermin, based on her experience in figuring it out:
- Go to the FAKE page.
- Click on the little wheelie settings thing and select “Report a Problem.”
- You have to choose from 3 choices. Choose “Submit a Report” and the subset “Report SoandSo’s account.”
- You have to choose again from 7 choices. Choose “This timeline is pretending to be me.”
- You have to choose again from 2 choices. Choose “Submit a Report.” The other choice is “Block SoandSo.” You don’t want to block the creep; you want to keep an eye on him/her.
- Facebook will give you a link to a Support Dashboard. You can check in there to see when the fake you disappears. What a relief!