hand hiding keyboard

The Difference Between Hacking and Spoofing on Facebook

Karin Kallmaker LIFE + STYLE 9 Comments

This is a Public Service Announcement. There is significant difference between being hacked and being spoofed on Facebook. (Spoofing is also called cloning.) I often see people in a fear spiral when they don’t need to be, and after explaining the difference numerous times it finally occurred to me I could just do a blog post and then share the URL in the future. The spoofers get less of everybody’s time and attention.*
10/7/2018: Spoofing/cloning is currently in an epic surge on Facebook – both REAL spoofing and FALSE report of spoofing, when Person A is told in a spam message forwarded by Friend B that Friend B received a duplicate friend request from Person A, and they hadn’t, sending Person A into a wasted time spiral trying to report a spoof/clone that doesn’t exist. Please, people, stop forwarding private Messenger anything-at-alls that tell you to tell all your friends. That’s the hallmark of SPAM.

How it Starts

It begins with the nagging suspicion that something is off – a friend request from someone you’re pretty darned sure you’re already friends with. When that happens here’s what I do:

  • I use Facebook search to find my friend’s profile and look at the URL for it. Then I compare it to the URL for the friend request. Yep, they’re different. On a mobile device the URLs aren’t obvious, but I can see the new (fake) profile has no recent activity that makes sense for the friend I already know.
  • When I look at my real friend’s profile page, I usually already see posts from another friend saying, “YOU’VE BEEN HACKED! CHANGE YOUR PASSWORD!”
  • And then usually there is a flurry of postings by the real person about all the mess and time spent on the infuriating, scary steps they are taking to secure their account.
  • There is sometimes a friend winding them up into a fear spiral, and the person who is spoofed changes all their email passwords, their bank log ins, etc.

None of which is necessary and none of which takes care of the fake profile.

Not that changing passwords from time to time is a bad thing. But in the case of Spoofing Internet Chicanery, it’s not necessary. But it would be responsible of you to deal with the fake for the sake of your friends.

How to tell the difference? Here you go.

When You’ve Been Hacked on Facebook

danger will robinson

Hacking on Facebook means someone has your password. Danger Danger Will Robinson! They are inside your account, and they can do anything with your account that you can do. They will likely reset your password so you can’t get into your Facebook or Messenger accounts.

One of the key behaviors of a hacked account is that your account will suddenly begin tagging friends and posting pictures of spam advertisements. (One of the more common ones is sunglasses ads.) Friends will be alarmed, but they will not be able to use Facebook to reach you. The hacker now controls that conduit of communication. If you’re fortunate a friend will message or email you another way, or you’ll notice the activity yourself right away.

This is a security emergency, especially if you’ve used that password on other accounts or you have set up any kind of payment system with Facebook, or used Facebook’s authentication to log into other accounts.

Go to Facebook’s Hacked Accounts Help, immediately. Follow the directions. Change your passwords everywhere, especially banking and credit card accounts. Keep an eye on your credit card transactions posted by your bank. And I am so sorry you’re going through this!

[Hackers can hide the fact that they have hacked you from you, so this is not meant to be an exhaustive response to detecting hacking in your account. This is just the highlights of common hacking behavior.]

When You’ve Been Spoofed on Facebook

mirror mirror on the wall

Spoofing on Facebook means someone is pretending to be you with another account. I see it happen probably once a week. It’s annoying but fairly harmless in terms of your Internet security. There are no posts you didn’t make on your own profile page, no messages you didn’t type yourself to your friends.

It’s a danger to those people on your friend list, however, especially if any of them are inexperienced in the Ways of Web Wickedness, like your Nana who is on Facebook just to see pictures of the grandkids. So you should deal with it in a timely way, but there’s no need to panic or napalm your existing password arrangements. In fact, changing your password does nothing to a spoofed account.

The Key Difference: Spoofers Don’t Have Your Password!

They’ve opened a new account, duplicated the photos on your page and put them on the new one, and they’ve copied your descriptions. It takes literally just a few minutes to do. A visitor might believe that profile was the real you. It’s really disconcerting to see, but there’s no reason to panic, change your passwords or waste a lot of time worrying about it.

Their intent is to fool some of your friends (like your Nana as mentioned above) into accepting a friend request and then they will try to convince the friend to send money. All it takes is one success to make it worth their while doing this to hundreds of people. On the Facebook’s Hacked Accounts Help you’ll even see there’s a FAQ for “Someone is pretending to be my friend and is asking me for money.”

If Someone is Spoofing You

facebook report profile spoofing screenshot

Here’s what you should do:

  • Change your profile picture to something very different and caption the photo, “Hey friends, I’m changing my profile picture for now because someone is pretending to be me.” Facebook gives new profile pictures huge exposure and a wide swath of your friends will see it.
  • Also post a status update that says “There’s another profile on Facebook pretending to be me. Don’t send them money. Please block them. I’ve reported it to Facebook.” (You’ll still get posts from friends warning you that you’ve been hacked but you know the difference, right?)
  • Go to the thief’s profile and click the three-dot menu button and select “Report this profile.” Follow the instructions. When the person being spoofed reports it the thief’s profile is taken down much more quickly.
  • Tangent: Sometimes the thief takes the time to block the person they’re spoofing, making it harder for you to report their fake profile. Ask a friend for the URL of the fake to use in your report. And ask friends to make a report for you. It will take a little longer for Facebook to act.

If a Friend has Been Spoofed

If you’re reading this because a friend is being spoofed, do this:

  • Post on your friends wall/timeline and tag them in the post. “Hey so-and-so you’ve been spoofed, you should report it.”
  • Include the URL of the faker profile so your friend can go right to it.
  • Give them the URL for this blog if you think they might need it for reassurance. ( https://kallmaker.com/difference-hacking-spoofing-on-facebook/ )
  • Do a report of your own. It’ll just take longer for Facebook to act on it. (Every once in a while, instead of allowing a report, Facebook tells you to message the friend instead. I have no idea why. Since you already did that you don’t need to do it again.)
  • Return to the fake profile and delete the friend request. If offered the opportunity, mark it as spam. (Neither of my mobile devices offers this, but my desktop does.) Then using the three-dot menu again, block the profile permanently.

It will likely take a few hours to a day for the fake profile to disappear.

Don’t Fear or Rage Spiral over Spoofing, Just Move On

woman relaxing because spoofing is easy to deal with

That’s it. It’s annoying and disconcerting, but don’t give these asshats more of your time or energy than the situation warrants. Have a cup of tea. Read a book. As you were.

* This advice may apply to other social media platforms, but I haven’t gone through it with them. Also, this is only my advice. Your own judgment is best.

If you found this blog about Facebook Spoofing helpful, you also might find my blog about Infomercials and Credit Card Fraud helpful as well.

Comments 9

  1. Hi Karin, thank you for this useful information. I am an admin on a Facebook group page and members were going hysterical over the recent Cloned accounts message going around. A member posted the link to this page in the group. I would normally have deleted the link as we have a no links except game related,.I read this and allowed it to stay to allay the fears of members of the group. It appears to be working. I have also passed it on to all my Facebook friends.

    1. Post
    1. Post

      You’re absolutely right. To my knowledge I’ve never been Facebook cloned – and my friend list has been private since the get go.

  2. Hi Karin,

    Got spoofed on FB and googled for some direction and guess what? This wonderful page appeared!! Thanks so much for the info and by the way, please disregard my friend request. 🙂

  3. It seems as though some people are able to spoof Facebook Messenger messages without creating a fake FB profile. Messenger appears to deliver a message, but it doesn’t show in the supposed sender’s “sent” messages on FB. It seems as though this takes less work for the nefarious ones than creating a fake profile.

  4. Hi Karin. I just did a Facebook post about spoofing and wanted to link to a good article for more information. Wanted to let you know that I came across your’s and thought it was really well done! Thanks for the great info!

Thoughtful and Congenial are welcome visitors. Disrespect and Spite will be shown the door.

This site uses Akismet to reduce spam. Learn how your comment data is processed.