Sunday, September 25, 2016

Facebook: what to do when you receive a Friend request from someone who is already a friend (impersonation scam).

There are a lot of scams on Facebook. Heck, at one time their revenue came largely from shady games and the covert sale of personal information. It’s kind of in their blood. With time Facebook has become respectable, but the scams continue.

Some scams have no fix. If someone uses a personal email address you haven’t yourself associated with a Facebook account you are out of luck. At best you can lock the scammer out of Facebook by doing a password reset.

Other scams do have a fix, but the fix is usually anti-documented. What’s anti-documentation? It’s to documentation as antimatter is to matter. The opposite of useful; it gives the wrong answer to every question.

The fake-friend scam is anti-documented. When I searched recently for a good explanation I found lots of chaff and nonsense. So here’s a stab at what you do — at least until Facebook changes things again.

The fake-friend scam leverages Facebook’s default behavior of sharing your image, your name, and your friend list. A software program creates a new profile based on your image and name, then sends an invite to everyone it can find on your friend list. Friends accept, and it does the same thing to them. The resulting information can be sold. Eventually someone monetizes the network, usually by sending a link that loads malware with a payoff.

The fix is to report the fake profile. This is what I did when I received a request from someone who was already a friend (I’ve removed her identifying information). If all goes well after the report is done a confirmation request is sent to the friend who is being impersonated (though sometimes Facebook seems to remove the fake profile immediately):

1. Click the mystery drop down icon on right side and choose report.


2. Choose report.


3. They’re pretending to be … someone I know


4. Submit for review


5. Facebook will lookup the name from your friend list.


A few minutes later you should receive a Facebook notification that the case has been “closed”:

Screen Shot 2016 09 25 at 9 53 38 AM

I’ve done this a few times. So far Facebook has removed the fake profile fairly quickly, but that may depend on your friend managing their followup. So let your friend no what to expect.

No comments: