You receive a message apparently from a Facebook friend telling you they received another friend request from you. They go on to diagnose the "situation," tell you that you’ve been hacked, and they offer advice on what to do to remedy the problem.
Generally you're asked to forward the warning to all of your other "Friends." Don't. It's like a chain letter, nothing but a hoax. When it comes to Facebook friends offering advice on how to remedy perceived hacks, you probably shouldn’t follow their suggestions. Usually the advice only spreads the hoax. Your best defense, if a "Friend" offers a solution, is to delete it and ignore the advice.
The hoax is based on a real problem known as "account cloning." An actual account cloning takes place when someone steals your profile picture, and your name to set up a new account. Once in place friend requests are sent from the new account, appearing to be from you. Cloning is real, and there were waves of it in 2013 and 2016 when the cloners would use their bogus accounts to ask "Friends" for money, but the current plethora of multiple friend requests is a hoax.
But there's no cloning surge this year. Facebook recently told Syracuse’s news Channel 9 that there has been no increase in account cloning over the past weeks. And the viral messages about cloning aren't connected to the big data breach Facebook reported in September, either.
Cloned account frenzy starts when someone accepts a friend request from an attacker who looks like someone the target thinks they know. They don’t check. Instead they just click and accept the request. Once "friended" the attacker can steal images and other data, creating additional cloned accounts. It spreads like wild fire.
If you suspect your Facebook account has been cloned, you might search Facebook to see if there are two people who look too much like you. Only one of them, of course, is you. If you find you've been cloned use Facebooks "give feedback or report this file" function. Organizations and their employees are often heavy users of Facebook.
Addressing this hoax and others like it in tailored, interactive training can help avoid wasting time at least, and perhaps other, more serious consequences. Naked Security has the story: https://nakedsecurity.sophos.com/2018/10/09/dont-fall-for-the-facebook-2nd-friend-request-hoax/
Free interactive training course for the month of October to help you be more secure on social media
“Risks of Social Media Sharing” is an interactive training module where you will learn:
- How to identify security problems that can arise from social media usage
- The potential consequences of when things do go wrong
- Understand how to use social media safely and securely
- Test your knowledge with a quick quiz at the end
This module is 27 minutes in length. Free Access during the month of October 2018.