header info

To see what jewelry creations are currently available Click here!

Saturday, April 30, 2016

How to Protect Your Facebook Account from Scammers

There's a thing that's happening more and more lately, so I thought I'd address it here, so any of you who want to can take proactive measures to prevent this from happening to you.

First I'm going to explain it so you understand it exactly... then I'll show you what to do if it happens to someone you know... and then how to keep it from happening to you.

I call them scammers rather than hackers, because they aren't actually hacking into your Facebook account.  Although many people do think they've been hacked.  They freak out that someone has access to their Facebook account and they change their FB password, etc.

While it's never a bad idea to change an online password every so often, rest assured that in the scenario I'm about to explain, the scammer has not hacked into your FB account nor do they have your password.

Because there is more than one person in the world with any given name, Facebook couldn't let only one "Mary Smith" be called "Marry Smith" on Facebook.  How would the other thousand Mary Smith's in the world feel?  (They'd probably feel like the thousands of Mary Smiths who don't get to use their name on Twitter or Instagram, but that's beside the point.).

So when you create a FB page, you get a unique identifier, but you can CALL yourself anything (within reason).

So let's say Mary Smith #1 makes a Facebook page using Mary Smith as her profile name.  So when Mary Smith #2 comes along, she makes a Facebook page also using Mary Smith as her profile name, but the URL to her page will be different from that of Mary Smith #1.  But what YOU see when you look at either profile page (more on this later)  is just a FB page that says "Mary Smith" and probably a photo of each respective Mary Smith.

When you want to find someone on Facebook, you search on their name, right?  And more often than not, more than one FB account with that name comes up.  So you either look at the avatar (profile) pic to see if you recognize who you're looking for or you see if they've listed a location where they live, etc.

So what's the scam?

If you get a friend request from someone you thought you were already friends with on Facebook, 99% of the time you're being scammed into "friending" a fake FB account.

What these people do is look around for people whose "friend lists" are public (more on that later too).  Then they just make a new FB account, call themselves your name (remember, your name is not proprietary on FB) and start sending out friend requests to all the friends on YOUR friends list.

Now your friends will most likely do one of two things.  They will either go, "Oh heck, I know her; of course I want to be FB friends with her".  Then they confirm and are now friends with the scammer.

Or... they will go, "Um... she's already my FB friend.  What's going on?"

Three times in the past month, I did this second thing.  Then what I do is notify my friend (make sure you're using their real account when you msg them... find them from your friends list and make sure you see reasonable posts on their timeline).

You can check out the timeline of the person making the friend request without having to friend them.  What you'll usually see is rarely anything more than the fact that it's a new account and they have a profile pic.  There will be no history and their friends list will usually be short... only those friends who have already fallen for their scam.  You can see the scammer's friends list without friending them (unless they're clever enough to do what I'm about to show you at the end of this blog post)... and if you want, you can let these friends on the list know they "friended" a scam artist.  But that's not usually necessary because FB shuts down these scam accounts almost immediately after being reports.

If this happens to your account (someone impersonates you), don't post on your FB wall that you've been hacked.  You weren't.  There is nothing compromised about your FB account.  Someone is just impersonating you.  They do not have any of your private information.

Okay, so what you want to do (and I can't show you screen shots of going through the steps until this happens again) is report it to FB.  Anyone can report it.  I've done it numerous times.  I'll try to recall the steps.

Open the scammers timeline (just click on their name, don't accept the friend request), then look for the extended menu next to the "Message" tab (see first red circle).

In the extended menu is an option to REPORT.  Click on that, then you'll see options (now here's where I'm going off my memory).  I think the one I pick is "this person is impersonating a friend" (or something like that).

Go through the questions... it will ask you the name of your friend (I usually just put the URL to my friend's true FB page).

When I report these to Facebook, the scammer's account is shut down within minutes.  WTG, Facebook!

The only time it might not be a scammer (that other 1% of the time), is if my friend, for some reason, created a second FB account for themselves.  So I usually msg my friend and ask before I report it.  If they say they haven't created a new FB profile recently and requested my friendship, then I go ahead and report the scammer.

So back to unique FB identities for a second.

Let's say Mary Smith #1 created her FB page a long time ago.  She may have the URL (to her FB page) as something like: https://www.facebook.com/marysmith

And her page (her timeline) will say Mary Smith next to her avatar picture on her FB banner.

When Mary Smith #2 comes along, she won't get the URL that says Mary Smith.  Her URL may even look more like this: https://www.facebook.com/profile.php?id=100012083678532&fref=jewel

But her page (her timeline) will say Mary Smith next to her own avatar picture on her FB banner.

Let me back up and show you what I see if I search on the name "Laura Bracken".  Here's what I see...

Notice there are four "Laura Bracken" FB accounts right away.  They all have avatar/profile pictures but only two have locations.  Sometimes it isn't easy trying to find someone you really want to find.  People looking for me might not know which one of these I am... unless they knew I live in Penryn, CA.

Anyway, now I'm going to show you how each of these "Laura Bracken" accounts look different.

Here's the URL to my account.

When I started my FB account, there was probably a question asking me what my name is and another one asking me what I want to be known as, or something like that.  (Sorry, I don't feel like creating a fake FB account right now just to demo the process.)

But anyway, you can see, my name (Laura Bracken) shows up next to my avatar, but my URL is something different.

Here are Laura Bracken #2, #3, and #4.  BTW, I'm not exposing anyone's secret info... these profiles are all open to the viewing public.

I'm showing you these four profiles to show you that there can be many "Laura Bracken" FB pages, but we all have unique URLs (the red rectangles).

So what these scammers do is create a new FB account, add YOUR profile photo to their account (photos are easily stolen from the internet... it's as simple as left-click, save as) and give themselves YOUR name.  To the casual observer, it will look like YOUR actual FB page.

To the trained eye, it looks like a scammer if it's a new account (next to nothing on the timeline... no posts) and they don't have many friends (hopefully, they haven't had time to scam too many of your friends yet).

So that's what they do and how you can try to differentiate a real friend request from a scam one.

If you get a friend request from someone you thought you were already FB friends with... HUGE red flag.  Don't just "confirm" their friendship.  Investigate, notify your friend, report the scammer to FB.

Now, lastly I want to show you how you can try to avoid being scammed yourself.

What these scammers want is access to your friends list, so let's just take that away.

The first thing you do is go to your timeline  and click on your FRIENDS tab...

Then click on EDIT PRIVACY...

This brings up a pop-up window.  Use the pull-down menus to select your choices.

Then click DONE.

If you select "Only Me", no one can see your friends list with one exception.  People who are my friends and your friends will be listed as "mutual friends".  So your FB friends will always be able to see who you and they both have friended, but your FB friends will not see anyone who is your friend but not their friend.

I don't know why FB has it set this way, but it's better than nothing.

So there you have it.

If any part of my explanation is wrong or confusing, let me know via comments and I'll see what I can do to fix this.

If this info helps you in any way, let me know via comments.  I love knowing that taking a chunk out of my day to blog stuff like this is actually useful to some people.  :-)

NEW INFO: To help you see what it looks like if someone who is already your friend gets their account cloned.  The spammer will send a friend request to all of the person's friends (because he has access to that list).

For any friend request I get, I do a search on their name (I have a lot of FB friends and can't remember then all). If two profiles show up for the person and I'm already friends with one of their profiles, I click on the name of the new request then I can report it. All I have to do is put my real friend's name in the form and then FB contacts them to confirm they did not create a new profile.

[Update: check out my follow up post: What if your Facebook account really was hacked?]



  1. GREAT blog. Thank you so much. Just did this to my profile. Smarty

  2. One I got the other day was a friend request from an administrator at Face Book. No friends listed, no photos, nothing to show me "she" had any possible connection to me. Trashed that request in a hurry

    1. Wow, that takes nerve... to impersonate a FB admin. Glad to hear you were on the ball.

  3. I always love looking at your blog, Laura, and this is really good info for someone who's not social media savvy--like me! Thank you!

    1. Thanks so much for letting me know this was a helpful post.... and for the kind words on my blog. :-)

  4. I went right in and changed my personal settings...thank you so much. Very recently I created a group page for some of my old high school friends so we could share pics of our travels etc. I made it a closed group until I got a request just today from someone none of us knew. Then I really studied the diffs between closed and secret groups. But until I read your blog, I was leaving myself open to who knows what. Think I've asked you this before...but will you adopt me???

    1. Oh yay! It makes me SOOOO happy to find out when I've done something helpful to others (need to be needed?). :-)

      Every day I'm learning about a new scam or fraud. It's so sad... what we have to look out for.

      I hate being a trusting person forced to become a cynical, untrusting person.

  5. ...and now I'm going to pass on your info to my friends! We all thank you:)

  6. Seriously!!! Thank you. Useful stuff.

  7. Excellent information, Laura - thanks so much! :)

  8. Hiya fyi, here in Aus the 'Edit Privacy' field drops down when you click on the tick next to 'Find Friends'
    Great info, Laura!

    1. Oooh, thanks for letting me know. I should update my blog post!