Social Engineering with Cloned Facebook Profiles

Warning from the team about invitations to cloned Facebook profiles, which criminals are using to try to get access to the contact details of friends.

The trick works by criminals generating copies of existing Facebook profiles and through this getting access to photos and profile details of the real account. Following this, the “interesting” contacts of the real profile owner are investigated and a new invitation to connect is sent to them. Many users accept such invitations without hesitation, because they know the person. Almost as soon as the invitation has been accepted, a personal message arrives by Facebook Messenger, to say that your friend has lost his/her own access details and all details of their contacts. The informal message now asks friends to provide their telephone numbers.

Alongside private individuals, this kind of Social Engineering seems currently to be affecting, above all, people who present themselves on their Facebook profile as a business owner or service provider. The cases that have been reported to us have impacted the CEO of a small enterprise and someone who operates a personnel agency.

In the cases described, it is not assumed that the user accounts were hacked, but to be certain, affected users should change their Facebook password. If you become aware of a cloned account, you should report this to Facebook and select the option “This profile/timeline is pretending to be someone or fake”. In the cases known to us, checking and deletion was undertaken within one day. We also recommend explaining the incident to your Facebook friends in a post on your own profile.

If there is cause to believe that this incident has caused financial or other damage, you should report the incident to the police.

If a non-user of Facebook discovers that someone has abused their identity on Facebook, this can be reported to Facebook as a non-user at

For business owners and service providers, the question may arise as to whether it is necessary to offer a public profile on Facebook, or to restrict access to a limited circle of friends. After all, a business Facebook profile has developed almost the same status as having one’s own homepage. Facebook itself offers a quite detailed overview on the topic of privacy, and at the same time, it pays to visit the information page on the protection of your account.