Early one morning before work, my phone buzzed with an alarming text message from Kay Lark, Bishop Beckwith’s Executive Assistant: “Nina it’s possible Mark’s FB has been hacked.”
A priest had received a Facebook friend request from a profile using the Bishop's name and profile and cover photos. But the priest already was Facebook friends with the Bishop, and he knew the Bishop was away on the pilgrimage across the diocese. He quickly realized something was amiss and reported it to Kay.
In fact, the Bishop’s Facebook account had not been hacked, but it had been copied, and the impostor was busily friending people in the diocese, most likely with the intent of targeting them with scams or malware. Thanks to the immediate recognition and reporting by the priest, I was able to get Facebook to shut down the impostor account quickly (although there was some minor fallout that took a little more time to resolve – more on that later).
How – and why – someone would pretend to be you on Facebook
Because Facebook profile and cover photos are always public, anyone’s account is susceptible to an impostor attempt. The impostor just downloads these two key photos and then uses them to set up an account using the same name.
(Last March Facebook announced that it had a new algorithm to attempt to recognize impostors and automatically alert the person being copied, but it’s far from foolproof.)
If your account is copied, the impostor will send friend requests to your Facebook friends. Those who accidentally accept will likely receive private Facebook messages from the impostor with spam attempts (“Help! I’ve been robbed on vacation and need you to wire me money!”) or links to malware that, if clicked, compromise their computers. So, while being cloned by an impostor isn’t likely to be a security threat to you, it could be to your friends, as the impostor attempts to exploit their trust in you for their own ends.
How to protect your Facebook account from impostor attempts
You can’t do anything about your profile and cover photos being public, but you can make yourself a less tempting target for impostor attempts by protecting your friend list. After all, the whole point of someone pretending to be you is to prey upon your friends. If they can’t see them, they’ll move on.
The first step is easy: follow these instructions to make sure your friend list privacy level has been changed from the default setting of “Public” to something more secure.
The second step requires diligence: never accept friend requests from anyone you aren’t absolutely certain you know, because doing so gives them an opportunity to see who your Facebook friends are.
Facebook is constantly evolving, so it’s a good habit to revisit your privacy settings periodically to make sure there are no new default settings with which you’re not comfortable.
How to recognize a Facebook impostor
The best way to recognize a friend request from an impostor is to know who your Facebook friends are and treat as suspicious of any friend request from someone with whom you believe you’re already friends. This can be difficult if you have hundreds of Facebook friends, so again, we’re back to being careful about accepting friend requests in the first place. It would also be a good habit to compare every friend request to your current friend list, and to do a Facebook search on the name to see if multiple accounts come up with the same profile picture. You can also try looking at the profile – you may be able to see right away that it looks too empty or otherwise “off” (such as uncharacteristic language or posts) to be genuine.
If the friend request seems suspicious, contact your friend – through text message, email or some means other than Facebook – and ask them if they sent it. If there’s a misunderstanding this should clear it up quickly – but if your suspicions are correct, your friend needs to know they’ve been targeted by an impostor, because they may not be able to see it themselves (more on this below).
How to report a Facebook impostor
Follow these instructions to report a profile pretending to be someone else. In the Bishop’s case, Facebook took down the impostor profile within a few short hours. However, there are a couple complications you should be aware of, both of which happened to the Bishop.
First, the impostor might block the real person from seeing the fake profile. This is why it’s important to alert your friend if you think they have a Facebook impostor. And, since they can’t access the impostor profile to report it themselves, you will need to do so on their behalf following the instructions above.
Second, the impostor might report the profile they’re copying as being the impostor, so that the targeted person finds themselves locked out of their valid account. Luckily Facebook provides a quick way to prove your identity by submitting a JPG image of a government-issued ID. When the Bishop returned from the walk across the diocese to find himself locked out of his Facebook account, he submitted a scanned JPG of his driver’s license, and again Facebook responded quickly to unlock his account.
Connecting with people on the internet is a wonderful thing. I should know: I met my husband in an early online discussion board, back when Mark Zuckerberg was still in middle school and Facebook was not yet a gleam in his eye. But like in the real world, while most people online are honest, some are not, and it’s good to be alert – and for friends to look out for each other.