CHARLOTTE, NC — If you’ve been on Facebook for a while, you’ve probably seen at least a few Facebook friends apologize that their account was “hacked” and ignore any friend requests or messages that appear to be from them . . Have you ever wondered how this happens? Have you ever wondered what the people behind these clones are actually trying to gain?
Most of the time Facebook accounts are not hacked, they are cloned. Someone created a new profile using your name and photo. They then send friend requests to people on your friend list and send weird messages.
Over the weekend, two of my friends announced that their accounts had been “hacked”. Both discovered the clone through friends who informed them that they had received either a message or another friend request.
How do they get your photo? It’s easy. Just right-click on your public Facebook profile picture, then save. When they create a new profile, they upload your photo as their own and choose your name. If your “friends list” is public, most, if not all, have viewed your profile and sent friend requests.
So it’s an easy flight. The bad guys don’t need to go through Facebook to create a new account like we all did. A quick Google search and I found thousands and thousands of Facebook and Instagram hookups for sale on the internet along with friend lists. Most of the accounts were created overseas. For less than a dollar, someone can buy a username and password and then create whatever type of profile they want.
Have you ever wondered what the bad guys hope to gain from cloned profiles?
They hope someone clicks on a message they send to Facebook friends who might be tricked into thinking it’s from you. These are strange messages such as “Is this you? or “Watch this video”. The link can install malware to steal information or even ransomware that encrypts everything on your computer. They will ask for Bitcoin money to get it back. Ransoms are usually several thousand dollars. The bad guy promises to decrypt your hard drives so you can recover photos and everything else on your computer.
What if you don’t have the money? Some cyberthieves offer to undo their dirty work for free if you agree to send the ransomware to three other people. In a sense, we don’t have 200,000 bad guys to worry about but nearly 8 billion people in the world. He’s a bad genius, isn’t he?
Here’s another tactic they use: My friend whose profile was cloned quickly received “helpful” comments in her post, telling her and others to contact someone who can get her account back. The person who can “restore your Facebook account”, they say, can be contacted on Instagram or WhatsApp. My friend didn’t know the people leaving the comments, so they’re probably behind the cloned account. I dug.
One of the people who left a comment was named Gold Clinton. When I clicked on her profile, I discovered that she had no Facebook friends and only a few posts that were pictures of food. I looked up her profile picture on www.tineye.com and found that her profile picture was actually a picture of Tricia Cusden, author of a beauty secrets book. Cyber villains copied and pasted Ms Cusden’s online photo to create a fake account to advertise another scam.
That’s the bad guy’s modus operandi. Armed with this information, your next questions are likely “How can I protect my account and what should you do if your Facebook profile has been cloned?” We’ll talk about that next time. You don’t want to miss it.