Browse Definitions:
Definition

Facebook cloning

Contributor(s): Ivy Wigmore

Facebook cloning is a scam in which the attacker copies the profile picture of an authorized user, creates a new account using that person’s name and sends friend requests to people on the user’s list. The exploit is often succesful because many unsuspecting friends just accept the scammer’s requests, assuming that the actual user has created a new account for some reason or forgetting that they are already friends with that person.

The scam doesn’t require any advanced technical knowledge or skills because the user accounts aren’t actually hacked, just copied. Anyone on Facebook can see anyone else’s profile picture and copy the image. Furthermore, because of the nature and purpose of social networking, most people’s friends lists are public, which means that the attacker can see, and send a request to, any or all of the user’s friends.  

The user’s actual account has not been compromised and their messages and other data are as secure as they had been, depending on their privacy and security settings. The risks involved with Facebook cloning fall on the user’s friends. Once the scammer has accessed enough of the victim’s friends, there are a number of ploys that may be attempted. The scammer may, for example, request emergency funds, pretending to be stranded somewhere while travelling, or try to get advance funds from the targets for some bogus future payoff. In other cases, the scammer may use social engineering tactics to convince targets to provide sensitive information, which can then be used for identity theft.

Several posts that frequently make the rounds claim that all or almost all Facebook accounts are being cloned, which is not the case. Nevertheless, account cloning is an actual threat. As with the burden of risk, the onus is also on the account owner’s friends to protect themselves from the exploit. The best way to prevent yourself from falling prey to Facebook cloning scams is to be careful about friend requests in general: Don’t automatically accept requests without checking out the requester’s profile and never accept unless the account seems valid. If you receive a request from someone who is already a friend, be doubly suspicious.

This was last updated in February 2017

Continue Reading About Facebook cloning

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

SearchCompliance

  • internal audit (IA)

    An internal audit (IA) is an organizational initiative to monitor and analyze its own business operations in order to determine ...

  • pure risk (absolute risk)

    Pure risk, also called absolute risk, is a category of threat that is beyond human control and has only one possible outcome if ...

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

SearchSecurity

  • principle of least privilege (POLP)

    The principle of least privilege (POLP), an important concept in computer security, is the practice of limiting access rights for...

  • identity management (ID management)

    Identity management (ID management) is the organizational process for identifying, authenticating and authorizing individuals or ...

  • zero-day (computer)

    A zero-day vulnerability, also known as a computer zero day, is a flaw in software, hardware or firmware that is unknown to the ...

SearchHealthIT

SearchDisasterRecovery

  • business continuity and disaster recovery (BCDR)

    Business continuity and disaster recovery (BCDR) are closely related practices that describe an organization's preparation for ...

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • call tree

    A call tree -- sometimes referred to as a phone tree -- is a telecommunications chain for notifying specific individuals of an ...

SearchStorage

  • SAS SSD (Serial-Attached SCSI solid-state drive)

    A SAS SSD (Serial-Attached SCSI solid-state drive) is a NAND flash-based storage or caching device designed to fit in the same ...

  • MTTR (mean time to repair)

    MTTR (mean time to repair) is the average time required to fix a failed component or device and return it to production status.

  • OpenStack Swift

    OpenStack Swift, also known as OpenStack Object Storage, is an open source object storage system that is licensed under the ...

SearchSolidStateStorage

  • hybrid hard disk drive (HDD)

    A hybrid hard disk drive is an electromechanical spinning hard disk that contains some amount of NAND Flash memory.

Close