Q: How can I keep scammers from sending a duplicate friend request to all my friends?
A: Anyone that uses Facebook has likely received a friend request from someone that they already had a connection with.
When these duplicate profiles appear, they aren’t because your account has been hacked, but because your profile has been cloned or spoofed.
Make your profile undesirable to spoofers
Spoofing victims are generally targeted because their “Friends List” privacy settings are set to public, which means anyone can see who their friends are.
That’s how the scammers with the cloned profile know who to send the duplicate friend requests to — basically anyone in your publicly available friends list.
To check the privacy setting for your friends list, go to Settings, then Privacy and scroll down and open the “Who can see your friends list?” section. Select anything other than Public to thwart spoofers, or if you really want to lock it down, change the privacy setting to Only Me.
Tip for accepting friend requests
A good process to adopt before accepting any friend requests — especially if you’re thinking “Aren’t we already friends?” — is to always go to the associated profile before you accept them.
Spoofed profiles will be obvious because they have few or no posts and a small number of friends.
Reporting spoofed profiles
To report a spoofed profile, click on the three dots to the right of the Message button on their cover photo and select “Find Support or Report Profile” and then “Pretending to Be Someone.”
Continue to answer the questions about who they are spoofing in order to help get the profile taken down, which can happen fairly quickly. I make it a point to notify the friend that has been spoofed so they can post a warning to their friends.
The more people that report the spoofed profile, the quicker it will get pulled down.
Sign your profile is compromised
Anytime you think your profile has been “hacked,” there’s a simple step you can take to see if there are obvious signs.
Start by going to “Settings,” then to “Security and Login” to show you “Where You’re Logged In.” The list will be in reverse chronological order, starting with your current session and will include a rough location and the device that was used to login.
If anything on the list is clearly not any of your devices or locations, it’s a good bet that someone has your username and password — so change your password immediately. You can log out of any of the sessions by clicking the three dots to the far right of that session.
If the list is very long and you want to clear them all, you can choose “Log Out Of All Sessions” at the bottom of the list.
If you want to set up a way to get back into your account in the event you are ever locked out, be sure to go back to the top of the “Security and Login” page and choose friends to contact if you get locked out.