This past weekend my wife's Facebook page got spoofed.
We learned what was happening once her phone started a constant stream of alerts from family and friends with messages saying they had just received new friend requests from her.
While many thought she had been hacked, in other words that someone had accessed her Facebook account, it was actually a spoofing attempt, which is unfortunately quite common on Facebook and happens much too often.
Here is what occurs:
- A spoofer grabs the profile header image and profile picture from a Facebook account via the web and, of course, the user's name as it appears on the original Facebook profile page.
- They then create a new profile using that information and the copied images.
- Next, they go back to the original profile while they are logged into Facebook using the spoofed profile. They click on the original user's Friends List and start sending friend requests to as many as possible.
What happens next is that those friends get a request for friendship from what looks like a friend's profile. Just like this past Saturday, some of my wife's friends questioned the unexpected friend request and others accepted it immediately.
Eventually, if the spoofed profile never gets noticed as a fake, the person behind the spoofing will start sending messages to your friends who accepted the request. By gaining the confidence of those individuals, they can now ask for money because of an accident, family situation, etc. -- and who among us would not assist a family member or friend in need?
The reason this type of scam/spoofing is so easy to accomplish is that your Friends List on Facebook is public by default.
If you happen to run Facebook's Privacy Checkup, the accessibility of your Friends List is not even part of that wizard. You would think that since access to this Friends List is a tool of spoofers it would show up there, but unfortunately there is no means to restrict access to that list unless you know it needs to be done and where to make that change.
I am here to show you exactly how to restrict access to your friends list on Facebook.
To get started you need to go to your main Facebook profile page.
On your profile you will see options under your main profile header image and you need to select Friends (1).
When the Friends tab is open you will now see a pen/pencil icon (2) on the right side of the Friends List. Click on that to see the Edit Privacy (3) option and select that to gain access to the Friends List privacy settings.
As you can see there are two privacy areas that can be controlled from here.
Friend List is self-explanatory, as it is basically all of the people you have accepted as friends on Facebook. Following covers those pages and people, such as products and maybe celebrities, that you have selected to follow on Facebook and get their updates in your Timeline.
There are five basic options available that will be of use to most people:
- Public - Facebook default setting and allows anyone to see who you are friends with.
- Friends - Makes the list only visible to those you have accepted friend requests from and their acquaintances.
- Friends except Acquaintances - This only allows your friends to see your list of friends - anyone who is marked as an Acquaintance on their list will not have access to your Friends List.
- Only Me - my recommended setting as it means only you can see your Friends List.
- Custom - allows you to share with specific individuals or lists (pages, events, products, celebrities, etc.).
- More Options - allows you to share your Friends List with specific groups of individuals you have previously marked in a certain category.
My recommendation is to use the Only Me option as that fully protects your Friends List from everyone.
So what should you do if your Facebook account does get spoofed?
Browse to that fake profile while you are logged into your own Facebook account and, from the main profile page, look for the ellipsis menu item to the right of the Message button in the lower right corner of the profile image.
By selecting that ellipsis menu you will get a drop down with an option to Report this profile.
A couple of my wife's friends did this once we realized she was being spoofed and within 10 minutes Facebook had removed the spoofed profile.
I hope this process helps you all better protect your own accounts and Friends, but do not forget to take advantage of Two Factor Authentication on Facebook to protect your account from actual improper access. While that would not have stopped a spoofer, it will certainly help if someone attempts to actually hack into your Facebook account.