Republic of the Philippines
National Police Commission
PHILIPPINE NATIONAL POLICE
Camp BGen Rafael T Crame, Quezon City
ACG-CYBER SECURITY BULLETIN NR 260: BE WARY OF CLONING FACEBOOK ACCOUNTS SCHEME
Reference Number ACG-CSB 080122260
The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.
Facebook cloning is a scam in which the attacker copies the profile picture of an authorized user, creates a new account using that person's name and sends friend requests to people on the user's list. Chain messages about account or data security regularly spread around Facebook. Although the people reposting these messages typically have good intentions, not all of them turn out to be warnings of real threats.
The scam does not require any advanced technical knowledge or skills because the user accounts are not actually hacked, just copied. Anyone on Facebook can see anyone else’s profile picture and copy the image. Furthermore, because of the nature and purpose of social networking, most people’s friends’ lists are public, which means that the attacker can see, and send a request to any of the user’s friends.
Facebook cloning is a technique where scammers use a person’s publicly available Facebook information to create a fake copy of the person’s profile. They do not have to hack persons Facebook profile, but scammers who clone accounts are looking to send malicious links to the person’s friends, manipulate the person’s family and friends to give them money with a fake story, send phishing links, extract the victim’s personal information from their friends to make the fake account look more convincing or compromise the person’s reputation by posting something inappropriate. Some of these scammers even try to report their victim’s legitimate account as the imposter.
Scammers usually copy the person’s photos, date of birth, interests, and other publicly available information that they specified on the current page. By creating cloned pages, scammers want to trick the victim’s friends into money or other valuable data. Modern adolescents can quickly identify clones, but what to do for the older ones, because cloning can cause severe damage since fraudsters can steal contacts, passwords from bank cards or other social networks. When scammers reach out to these contacts, they might send a message with a phishing link and because your contacts trust, you there is a chance they will click on that link.
Unfortunately, a scammer can clone a profile on any platform, not just Facebook. Even being blue-checked certified does not protect individual from potentially experiencing a cloning or hacking situation. They do not need login information of their target, but simply need the profile picture, which is as easy to get as a right-click and save. Facebook allows anyone to create an account. The only validation is that they verify email which the scammer’s provide, and they do not know who’s email that is.
There are many scam variations on social media, and it can be challenging to examine through what is real and what is not. Scammers seemingly use every trick in the book to steal information online. From sneaky malware to fake text messages, Facebook account cloning, many people fall for them daily. Even when the premise of a scam seems outlandish, many cannot resist the urge to act.
Some will do their best to warn others about new scams or malware spreading. Unfortunately, a simple message can get tangled up in alarmist wording. While no measure can fully protect us from Facebook account cloning, we can minimize its possibility by publicly exposing as little information on Facebook as possible. Adjust privacy settings and make sure to make everything private. Social media is a great way to document important life moments and progress, it is also a platform that is open for the world to see. Be careful about what you post and who you allow access to it.
All PNP personnel as well as the public are advised to follow these tips to avoid being a victim of Cloning Facebook Accounts Scheme:
- Manage who can see you as a friend on Facebook;
- Remove your personal profile from search engine results;
- Activate two-factor authentication;
- Activate and manage your alerts;
- Update your privacy settings; and
- Be mindful of what you share with people outside your friends' list and the platform.
For additional information, please refer to the following websites:
POINT OF CONTACT