Facebook Friend Safety Tips

  • December 2, 2024

I’m on Facebook frequently, and I’ve noticed it’s become a REAL MESS because of poor account security and rampant cybercrime. I have multiple relatives and friends now who have lost control over their Facebook accounts. Sometimes these individuals have created another Facebook account, creating confusion about “what is the real account?” Others appear to have multiple Facebook profiles because bad actors / threat actors have cloned their profile and are attempting to scam their friends and contacts. In this post I want to highlight some of these situations and provide specific advice on what you can do to identify and avoid fake / malicious Facebook friend accounts, and also report them so the accounts can (hopefully) be deactivated by Facebook’s security team. I’ll also recommend what you can do to SECURE your own Facebook and EMAIL accounts (email is really the “master key” to most of our online accounts, because password resets for those accounts are sent there) as well as how to customize your Facebook profile so people can tell it is legitimate.

“Facebook Bad Actors / Threat Actors” (CC BY 2.0) by Wesley Fryer

I’ll share this link again at the end of this post, but will share it at the start too, since you may not read (TL;DR) my entire post: I’ve collected a variety of my past presentations and webinars on the topic of Internet Safety. I recommend you check them out, and also share the link with family and friends.

From what I can tell, many issues with duplicate Facebook accounts for someone are caused when:

  1. People (often older adults) forget and/or lose their password, can’t access their account any longer, and so make a new one.
  2. Hackers gain access to someone’s Facebook account, often because that person reuses the SAME PASSWORD on multiple websites (so once any one of those sites is breached, the password ends up in the credential dumps bad actors trade and try against Facebook) and fails to enable MFA (multi-factor authentication) on their Facebook and primary email account.

Let’s start with the basics of what you need to do IMMEDIATELY (if you have not already) to secure your Facebook account and primary email account. These are things you may need to share with family and friends, and even help tutor them through. That was the primary theme of my March 2021 TEDx talk, “Technology Fear Therapy” btw!

1. Use a Unique, Complex Password on Facebook

You should NEVER, EVER use the same password on more than one website. This is something likely everyone has done in the past, but it is a habit that MUST be broken. If you repeatedly use the same password, you are inviting hackers to take over your digital accounts, and speaking a bit harshly: That’s a very dumb thing to do.

Use the Pwned Passwords checker on security researcher Troy Hunt’s website haveibeenpwned.com. You can put in “that special password” you’ve likely used for years and see how many data breaches / hacks that exact password has appeared in, which means it is now in the password lists bad actors download and feed into their cracking and credential-stuffing tools. (Normally you should never type a real password into a third-party website. This checker is the exception: it hashes the password in your browser and sends only the first five characters of the hash to the server, so the password itself never leaves your machine.)
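As an added example (not code from the original post or from Have I Been Pwned), here is the k-anonymity lookup that the Pwned Passwords checker performs, in Python. The range response below is a constructed excerpt with made-up breach counts, not real API output; the real endpoint at https://api.pwnedpasswords.com/range/{prefix} returns hundreds of lines per prefix. Only `live_fetch` touches the network, and nothing calls it by default.

```python
from __future__ import annotations

import hashlib
import urllib.request

# Constructed excerpt of a Pwned Passwords "range" response for the SHA-1
# prefix 5BAA6 (the prefix of SHA-1("password")). Each line is the remaining
# 35 hex characters of a breached password's SHA-1, a colon, and how many
# times it was seen. The counts and the other suffixes are made up.
SAMPLE_RANGES = {
    "5BAA6": "\n".join([
        "003D68EB55068C33ACE09247EE4C639306B:3",
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:10434004",
        "1E7D5E9B7F0C3C2C9A54B5F1C3F5E1E5A1C:1",
    ]),
}


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password, the form the range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password: str) -> tuple[str, str]:
    """Split into the 5-char prefix that is sent and the 35-char suffix that stays local."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def parse_range(body: str) -> dict[str, int]:
    """Turn 'SUFFIX:COUNT' lines into a dict keyed by suffix (padding lines carry count 0)."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def offline_fetch(prefix: str) -> str:
    """Offline stand-in for the HTTP call, backed by the constructed sample above."""
    return SAMPLE_RANGES.get(prefix, "")


def live_fetch(prefix: str) -> str:
    """Real lookup (network): only the 5-character prefix ever leaves the machine."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "pwned-check-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str, fetch_range=offline_fetch) -> int:
    """How many times the password appears in the breach corpus (0 = not found).

    The password is hashed locally; the server sees only the prefix and returns
    every suffix in that bucket, so it cannot tell which one we were after.
    """
    prefix, suffix = split_hash(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(f"{pw!r}: seen {pwned_count(pw)} times (offline sample)")
```

Pass `fetch_range=live_fetch` to `pwned_count` to query the real service. A result of 0 only means the password is not in the corpus, not that it is strong; a result above 0 means it should be retired everywhere it was used.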

When you reset your Facebook password, choose something LONG and RANDOM. Forget trying to remember it by using some kind of clever pattern. Today I favor 30-character random passwords, including special characters, for all my accounts. Every extra character multiplies the number of guesses an attacker has to make, so the longer the password, the harder it is for bad actors / threat actors to crack.

Afraid you can’t remember so many long, random and unique passwords? Of course you can’t if you rely on your memory. That’s why you need step 2.
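An added example (not from the original post) of what “long and random” means in practice: a generator that draws a 30-character password from the operating system’s cryptographic random source, plus the arithmetic behind “more characters is harder to crack.” The cracking rate of one trillion guesses per second is an assumption chosen to stand for a well-funded offline attack; the numbers scale linearly with whatever rate you prefer.

```python
import math
import secrets
import string

# Character classes a generated password must contain at least once.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters (space excluded)


def has_all_classes(password: str, alphabet: str = ALPHABET) -> bool:
    """True if every character class present in `alphabet` appears in `password`."""
    required = [cls for cls in CLASSES if set(cls) & set(alphabet)]
    return all(any(ch in cls for ch in password) for cls in required)


def generate_password(length: int = 30, alphabet: str = ALPHABET) -> str:
    """Uniformly random password from the `secrets` CSPRNG (never `random`),
    redrawn until every character class in the alphabet is represented."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if has_all_classes(candidate, alphabet):
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float = 1e12) -> float:
    """Worst-case years to try every candidate at the assumed guessing rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


def length_comparison(lengths=(8, 12, 16, 30)) -> list[tuple[int, float, float]]:
    """(length, bits, years) rows showing how fast the search space grows with length."""
    return [(n, entropy_bits(n), years_to_exhaust(entropy_bits(n))) for n in lengths]


if __name__ == "__main__":
    print("sample:", generate_password())
    for n, bits, years in length_comparison():
        print(f"{n:>2} chars: {bits:6.1f} bits, {years:.3g} years to exhaust")
```

An 8-character password from this alphabet has about 52 bits of entropy and falls to an offline attack in minutes at the assumed rate; 30 characters gives roughly 197 bits, which no realistic hardware exhausts. Lengthening the password is cheap for you (the manager types it) and ruinously expensive for the attacker.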

2. Use a Password Manager

If you’re not using a password manager like 1Password or Bitwarden, you need to start immediately. If you are an iPhone and/or Apple computer user, you may be able to use the Apple Passwords app (new in iOS 18 and macOS Sequoia) instead.

The transition to regularly using a password manager is NOT something you should put off to a future date. Consider this: Thousands of hackers around the world are working hard to find “easy targets” they can attack and exploit for a variety of malicious purposes. These cyberattacks happen 24/7, 365 days per year. You don’t want to have your identity stolen and have to deal with that clean up mess. You don’t want someone taking over your Facebook account and posting advertisements with malicious links to cryptocurrency scams, as one of our good friends from our Oklahoma City days is watching right now.

“Scam Post on a Friend’s HACKED Facebook” (CC BY 2.0) by Wesley Fryer

For more about password manager options and why they are vitally important, see the November 2024 article in Tom’s Guide, “The best password managers in 2024”.

I know it can seem painful and feel like a big inconvenience to shift to using a password manager, but so was wearing seatbelts all the time in the 1980s. Safety and security is the issue here: Ignore this advice at your own peril. You don’t have to look far (or ask too many people you know) to understand why identity theft and hacked digital accounts are at EPIDEMIC levels and must be addressed immediately, individually, by each user of the Internet.

Yes, that includes you and your older parent / grandparent / friend.

3. Enable 2FA / MFA on Email and Facebook

When I was the Director of Technology for 4 years at our Oklahoma City school, I would sometimes get text or phone messages like this:

Help Wes! Hackers have taken over my personal email account and my Apple iCloud account. I can’t access anything, what should I do? Can you help me?

There are definitely a variety of things you can and should do if you are hacked, but the best thing to do NOW, before you are hacked, is “harden” and improve your security profile on as many websites as you can so you are not a “soft target.” In addition to the previous two recommendations (use unique, long and complex passwords, and use a password manager) you need to enable two-factor authentication (2FA). TrendMicro has a short video tutorial (75 seconds, from March 2024) showing how to do this on Facebook on an Android smartphone. The process is similar on an iPhone. When Facebook offers you a choice of method, pick an authenticator app or a physical security key rather than text-message (SMS) codes: an attacker who takes over your phone number also receives your SMS codes.

Facebook’s official support article, “How two-factor authentication works on Facebook,” provides additional details and steps for this process on multiple devices / platforms.

You need to follow these same steps IMMEDIATELY for your primary email account: change your password to a unique, long and complex password, save the password in your password manager, and turn on 2FA. Your email account deserves the strongest protection of all, because password resets for nearly everything else (Facebook included) are delivered there.

Not everyone has a Google account and GMail account, but millions of people do. Google’s “Take a Security Checkup” page provides an excellent series of steps we should each take to secure our email accounts and ensure we can take them back over in the event they are hacked at some point by a bad actor / threat actor.

“Take a Security Checkup with Google” (CC BY 2.0) by Wesley Fryer

Now that we’ve highlighted immediate steps to take to harden and secure your own Facebook and email account, let’s highlight some issues with fake or misleading Facebook accounts.

1. Proactively “Train” Your Social Media Feeds

First of all, understand we each need to proactively TRAIN our social media feeds. Each time we open a social media app or webpage, we are “training the machine” on the kinds of content we like and the people whose content we want to see. As we watch, read, like and comment, Facebook (and other social media sites) are compiling data about everything we do. We are constantly under surveillance online, and especially on social media websites. If you haven’t already, watch the 2020 documentary “The Social Dilemma” to better understand how the surveillance dynamics of social media work.

To “train our social media feeds” we need to be very intentional about the people and accounts we “friend,” follow and like. On websites like Facebook, “friending” another account typically lets that account see our friends list and everything we post to “Friends,” which is exactly the data a scammer wants. This is why I’m seeing messages like the one below as comments on Facebook posts:

I’m seeing you in my Facebook news feed but for some reason cannot send you a friend request. Can you please friend me so we can be connected and I can follow your posts?

Do NOT fall for this social engineering ploy. Whether you or I send the friend request or accept one, we are granting another account access to our contacts on a site like Facebook. This is valuable data to a bad actor / threat actor, who can and likely will use those contact links to share posts with malicious links that can lead to real-world harms (like identity theft) for others. Block accounts which send you messages like this, then delete their comments from your Facebook profile / post.

“Threat Actor Social Engineering Facebook” (CC BY 2.0) by Wesley Fryer

2. Watch Out for “Sus” Second Accounts

My middle schoolers have taught me what “sus” means: It’s “suspicious” or “suspect.” On Facebook especially, but also on other social media platforms, we need to CONSTANTLY be on the lookout for “sus second accounts.” Here’s an example. The friend request on the right has a profile picture, and it is the SAME image this person (whom I know from our first church in Oklahoma City / Edmond) uses on her REAL Facebook profile. However, this “sus” profile uses her first and last initials instead of her full name, and it only has six mutual friends.

“Sus (suspicious) Facebook Friend Requests” (CC BY 2.0) by Wesley Fryer

The “actual Facebook page” of this friend is clearly identifiable as legitimate for multiple reasons:

  1. The page has hundreds of friends and over 100 mutual friends with me
  2. The profile is more complete, with current city, colleges attended, city of origin, etc.

“Actual Facebook Friend Page” (CC BY 2.0) by Wesley Fryer

When I receive a NEW Facebook friend request from someone I know and already follow on Facebook, or one that looks “sus” for some reason, I first search Facebook for that person’s name. In many cases the person’s active / “real” profile will come up, and I can compare the “new request” with the existing account to make a judgement about whether or not the requesting account is legit.
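The comparison described above, written out as a scoring rule in Python. This is an added example, not code from the original post or anything Facebook provides: the profiles are constructed, `photo_hash` stands for any stable fingerprint of the profile image you can compute yourself (a perceptual hash, for instance), and the weights and the threshold of 50 are assumptions. They are chosen so that “new and sparse” signals alone (at most 40 points) never flag a genuinely new acquaintance; the account also has to overlap with an existing friend’s identity, which is the page’s own test for a clone.

```python
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Profile:
    """What you can observe on a requester's profile (fields are the page's own clues)."""
    name: str
    photo_hash: str        # assumption: a fingerprint of the profile image you compute
    mutual_friends: int
    fields_filled: int     # current city, hometown, schools, workplace ... actually filled in
    account_age_days: int  # if visible; treat as large when unknown


# Constructed sample data: two existing friends and two incoming requests.
KNOWN_FRIENDS = [
    Profile("Jane Smith", "phash:7f3a9c", mutual_friends=120, fields_filled=4, account_age_days=4000),
    Profile("Alex Doe", "phash:c0ffee", mutual_friends=45, fields_filled=3, account_age_days=2500),
]
SUS_REQUEST = Profile("J. S.", "phash:7f3a9c", mutual_friends=6, fields_filled=0, account_age_days=12)
NEW_ACQUAINTANCE = Profile("Pat Lee", "phash:123456", mutual_friends=0, fields_filled=1, account_age_days=5)


def _norm(name: str) -> str:
    return " ".join(name.replace(".", " ").split()).upper()


def _initials(name: str) -> str:
    return "".join(part[0] for part in _norm(name).split())


def looks_like_same_person(candidate_name: str, known_name: str) -> bool:
    """True if the names match, or the candidate is just the known name's initials ("J S", "J.S.")."""
    cand, known = _norm(candidate_name), _norm(known_name)
    return cand == known or cand.replace(" ", "") == _initials(known)


def impersonation_score(candidate: Profile, known_friends: list[Profile]) -> tuple[int, list[str]]:
    """Add up the clues the page lists; returns the score and a human-readable reason per clue."""
    score, reasons = 0, []
    twins = [k for k in known_friends if k.photo_hash == candidate.photo_hash]
    if twins:                                   # same picture as someone already on your list
        score += 40
        reasons.append(f"profile photo identical to existing friend {twins[0].name!r}")
    namesakes = [k for k in known_friends if looks_like_same_person(candidate.name, k.name)]
    if namesakes:                               # same name, or initials standing in for it
        score += 20
        reasons.append(f"name matches or abbreviates existing friend {namesakes[0].name!r}")
    if candidate.mutual_friends < 10:
        score += 15
        reasons.append(f"only {candidate.mutual_friends} mutual friends")
    if candidate.fields_filled < 2:
        score += 10
        reasons.append("profile is nearly empty (no city, schools, hometown)")
    if candidate.account_age_days < 30:
        score += 15
        reasons.append(f"account is only {candidate.account_age_days} days old")
    return score, reasons


def is_likely_impersonation(candidate: Profile, known_friends: list[Profile], threshold: int = 50) -> bool:
    return impersonation_score(candidate, known_friends)[0] >= threshold


if __name__ == "__main__":
    for req in (SUS_REQUEST, NEW_ACQUAINTANCE):
        score, why = impersonation_score(req, KNOWN_FRIENDS)
        verdict = "LIKELY CLONE" if is_likely_impersonation(req, KNOWN_FRIENDS) else "no strong signal"
        print(f"{req.name!r}: {score} -> {verdict}; " + "; ".join(why))
```

A high score is a reason to phone the friend and to report the account, not proof by itself; a low score for a stranger just means “unknown,” which is still a reason not to accept.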

It DEEPLY SADDENS ME to see multiple people I know (they are mutual friends of others on Facebook) accepting and “friending” these kinds of fraudulent accounts. Those actions not only put the friends / contacts of those people at risk of phishing and social engineering attacks, but they also lend credibility to the fake account, which may TRICK others into thinking it is real / legitimate.

Please be VERY careful when “friending” new accounts, especially for people you ALREADY follow / are “friends with” on Facebook. It’s true people sometimes DO lose their passwords and their ability to recover their Facebook account, and as a result they create a new one. (I have a close relative who has done this, actually.) But in MANY cases, the second or third Facebook account is FRAUDULENT and has been created by a bad actor / threat actor.

3. Confirm a new account is legitimate with a PHONE CALL

This is a radical suggestion, I know, but I will make it anyway: Use your phone to CALL a friend from whom you receive a new or additional Facebook request. Or, even better, ask them in person the next time you see them. Confirm whether they have set up a second Facebook profile.

They may not be aware a fraudulent / fake account has been created in their name, and this can help them move to step 4 as well.

4. Report the Fraudulent / Imposter Facebook Account

When you confirm or strongly suspect a Facebook account is fraudulent, please REPORT IT. See the official Facebook Help Center support page, “Report a Facebook profile or Page pretending to be you or someone else.” By reporting a fake account, you increase the chances that Facebook’s human (or AI / robot) engineers and content moderators will flag the account and eventually deactivate it.

These actions can reduce the chance others in your circle of friends and acquaintances may be tricked and exploited (via social engineering tactics) to “friend” that account.

Think of these small security-related actions on Facebook like picking up litter on the sidewalk in your neighborhood. As a member of a neighborhood, we have both rights and responsibilities. One of our responsibilities is to try and keep our neighborhood clean and safe. The same ethic should apply within the social media spaces we inhabit.

I hope these tips and suggestions are helpful, and I hope you will SHARE THEM with others. I don’t run ads on my blog, and I didn’t write this as a “sponsored post” or for any kind of financial compensation. I’m a teacher and have been an educational technology administrator as well as an early adopter for many years. Helping others stay safe online is something I do both “during my day job” and on my own time, because it’s the right thing to do.

Please check out the Internet Safety resource page where I’ve collected some article links, presentation videos and slideshows relating to digital security over the years. Share the link with others. Be a “technology fear therapist” for your family this week and during the upcoming December holidays.

“Let’s stay safe out there, folks. It’s a dangerous world out there, so we need to stick together and keep helping each other out!”
