How it Starts
It begins with the nagging suspicion that something is off – a friend request from someone you’re pretty darned sure you’re already friends with. When that happens here’s what I do:
- I use Facebook search to find my friend’s profile and look at the URL for it. Then I compare it to the URL for the friend request. Yep, they’re different. On a mobile device the URLs aren’t obvious, but I can see the new (fake) profile has no recent activity that makes sense for the friend I already know.
- When I look at my real friend’s profile page, I usually already see posts from another friend saying, “YOU’VE BEEN HACKED! CHANGE YOUR PASSWORD!”
- And then usually there is a flurry of postings by the real person about all the mess and time spent on the infuriating, scary steps they are taking to secure their account.
- There is sometimes a friend winding them up into a fear spiral, and the person who is spoofed changes all their email passwords, their bank log ins, etc.
None of which is necessary and none of which takes care of the fake profile.
Not that changing passwords from time to time is a bad thing. But in the case of Spoofing Internet Chicanery, it’s not necessary. But it would be responsible of you to deal with the fake for the sake of your friends.
How to tell the difference? Here you go.
When You’ve Been Hacked on Facebook
Hacking on Facebook means someone has your password. Danger Danger Will Robinson! They are inside your account, and they can do anything with your account that you can do. They will likely reset your password so you can’t get into your Facebook or Messenger accounts.
One of the key behaviors of a hacked account is that your account will suddenly begin tagging friends and posting pictures of spam advertisements. (One of the more common ones is sunglasses ads.) Friends will be alarmed, but they will not be able to use Facebook to reach you. The hacker now controls that conduit of communication. If you’re fortunate a friend will message or email you another way, or you’ll notice the activity yourself right away.
This is a security emergency, especially if you’ve used that password on other accounts or you have set up any kind of payment system with Facebook, or used Facebook’s authentication to log into other accounts.
Go to Facebook’s Hacked Accounts Help, immediately. Follow the directions. Change your passwords everywhere, especially banking and credit card accounts. Keep an eye on your credit card transactions posted by your bank. And I am so sorry you’re going through this![Hackers can hide the fact that they have hacked you from you, so this is not meant to be an exhaustive response to detecting hacking in your account. This is just the highlights of common hacking behavior.]
When You’ve Been Spoofed on Facebook
Spoofing on Facebook means someone is pretending to be you with another account. I see it happen probably once a week. It’s annoying but fairly harmless in terms of your Internet security. There are no posts you didn’t make on your own profile page, no messages you didn’t type yourself to your friends.
It’s a danger to those people on your friend list, however, especially if any of them are inexperienced in the Ways of Web Wickedness, like your Nana who is on Facebook just to see pictures of the grandkids. So you should deal with it in a timely way, but there’s no need to panic or napalm your existing password arrangements. In fact, changing your password does nothing to a spoofed account.
The Key Difference: Spoofers Don’t Have Your Password!
They’ve opened a new account, duplicated the photos on your page and put them on the new one, and they’ve copied your descriptions. It takes literally just a few minutes to do. A visitor might believe that profile was the real you. It’s really disconcerting to see, but there’s no reason to panic, change your passwords or waste a lot of time worrying about it.
Their intent is to fool some of your friends (like your Nana as mentioned above) into accepting a friend request and then they will try to convince the friend to send money. All it takes is one success to make it worth their while doing this to hundreds of people. On the Facebook’s Hacked Accounts Help you’ll even see there’s a FAQ for “Someone is pretending to be my friend and is asking me for money.”
If Someone is Spoofing You
Here’s what you should do:
- Change your profile picture to something very different and caption the photo, “Hey friends, I’m changing my profile picture for now because someone is pretending to be me.” Facebook gives new profile pictures huge exposure and a wide swath of your friends will see it.
- Also post a status update that says “There’s another profile on Facebook pretending to be me. Don’t send them money. Please block them. I’ve reported it to Facebook.” (You’ll still get posts from friends warning you that you’ve been hacked but you know the difference, right?)
- Go to the thief’s profile and click the three-dot menu button and select “Report this profile.” Follow the instructions. When the person being spoofed reports it the thief’s profile is taken down much more quickly.
- Tangent: Sometimes the thief takes the time to block the person they’re spoofing, making it harder for you to report their fake profile. Ask a friend for the URL of the fake to use in your report. And ask friends to make a report for you. It will take a little longer for Facebook to act.
If a Friend has Been Spoofed
If you’re reading this because a friend is being spoofed, do this:
- Post on your friends wall/timeline and tag them in the post. “Hey so-and-so you’ve been spoofed, you should report it.”
- Include the URL of the faker profile so your friend can go right to it.
- Give them the URL for this blog if you think they might need it for reassurance. ( https://kallmaker.com/difference-hacking-spoofing-on-facebook/ )
- Do a report of your own. It’ll just take longer for Facebook to act on it. (Every once in a while, instead of allowing a report, Facebook tells you to message the friend instead. I have no idea why. Since you already did that you don’t need to do it again.)
- Return to the fake profile and delete the friend request. If offered the opportunity, mark it as spam. (Neither of my mobile devices offers this, but my desktop does.) Then using the three-dot menu again, block the profile permanently.
It will likely take a few hours to a day for the fake profile to disappear.
Don’t Fear or Rage Spiral over Spoofing, Just Move On
That’s it. It’s annoying and disconcerting, but don’t give these asshats more of your time or energy than the situation warrants. Have a cup of tea. Read a book. As you were.
* This advice may apply to other social media platforms, but I haven’t gone through it with them. Also, this is only my advice. Your own judgment is best.