Over the last few weeks many South Africans have noticed an alarming new trend: their Facebook profiles have been cloned.
There’s no advanced technology or clever viruses involved with cloning a Facebook profile. All an impostor needs is a photo of you, some basic information, and access to your friend list – information that’s publicly available, right on your own Facebook profile. So when your friends start getting friend requests from a profile with your name, information, and photos, it’s not because you’ve been hacked, have a virus, or need to change your password. No sirree, you’ve just fallen into the trap of being lax about your Facebook privacy settings. It’s really the age old hacking technique (and now, double entendre) of social engineering.
It’s worth paying attention, too. It’s not just some harmless internet joke. The creators of cloned profiles go on to convince your existing friends that they are you. Once a gullible friend has fallen into the trap and accepted a friend request the scammers now have their information – for a new cloned profile, and more victims – as well as the knowledge that your friend might be accommodating. Scammers go about posting things in your name, including links to malware and data-harvesting apps, as well as soliciting money for financial aid. Because hey, what’s a few bucks between buddies?
With the damage done, your only recourse is to tighten up security and notify Facebook – and your gullible friends – of the issue. For those who haven’t been the unfortunate victims of the scam, there are a few basic measures that can be taken to greatly minimise the risk of your profile being cloned.
1) Kiss your friends goodbye
While some people might take pride in their enormous… friend lists, it’s the one big thing that puts you at risk when a scammer wants to clone your profile. See, publicly-viewable friend lists mean that a scammer only needs your name and profile picture to contact your friends. Nip this in the bud by restricting who can view your friend list. To do this, go to your profile on Facebook. Click on your Friend list. Now click on the edit button. This brings up a menu to edit privacy – which you want to do – and from there you can select who gets to view your friend list.
If a scammer cannot see your friends, they cannot send them messages. Simple as that.
2) Say sayonara to those snaps
To most people on the internet, the logic of “Looks like a duck, quacks like a duck – must be a duck” is sound life advice. So when your unwitting friends get a friend request from somebody that looks like you, talks like you, and has your name, it’s game over.
Sadly, the steps that need to be taken here are a bit more tedious. Facebook doesn’t have a global setting for controlling the privacy of your photos. This has to be done per album. And certain albums – like wall photos, profile photos, and Instagram photos – have per-photo permissions settings.
It’s a pain in the butt, sure, but more inconvenient than having your identity stolen? We thought not.
To change photo permissions you’ll have to go to your profile, navigate to Photos, and then select the Albums section (rather than Photos of You). Now, tackle each album individually. The albums you’ve created will have a gear icon. Click on that and you can toggle the privacy of that album. For special albums, like your profile photos, you’ll have to go into each album, then select each photo, and manually select its privacy settings.
3) Become anonymous
Personal information, such as where you attended school, who you’re married to, and what TV shows you enjoy, are all bits of information that can be used to make fake you look like real you. To make sure that only you, or your friends, can see those details, you just have to edit your profile’s About page.
Go to your profile page, click on the About section, and then click on the edit button next to each section that has your information. Here you can set which information is publicly viewable. We recommend hiding it all. Only your friends need to know about your personal details, anyway.
You can also hide yourself from search engines – and even Facebook search. To do this, click on the gear icon at the top right of the screen, on Facebook. Select Privacy Settings. Now you can toggle who gets to look for you on Facebook, as well as whether or not search engines can link to your profile. Make it harder for scammers (and stalkers) to find you, and your online life will be less stressful.
4) Penetration test yourself
No, not that. Get your mind out of the gutter. This is meant to help you see how secure your profile is – basically, you want to see what an unknown scammer can get on you, using just your Facebook profile. Thankfully there’s a tool built in for that. Once again, go to your own profile page and click the gear icon next to “Activity Log”. There’s a tool there called “View as…” which will let you view your profile as somebody else – one of your friends, or a stranger from the internet. Now you can see how much information is publicly viewable, and go back to edit the privacy settings for posts that shouldn’t be appearing to all and sundry.
Although tightening the security on your profile is the best start of all, you can also practice vigilant surfing habits. Don’t use any old dodgy apps on Facebook; most apps will ask for permission to use your profile. Don’t accept friend requests from strangers, or friends you already have on Facebook. Don’t click on phishing links in strange emails. And, for goodness’ sake, don’t believe everything you read on the internet.