“Hack” is a catch-all phrase. What they’re doing is cloning someone’s profile. Here’s what you need to know.

If you’ve been on Facebook for any time at all, you’ve probably seen at least a few Facebook friends posting apologies that their account has been “hacked” and asking you to ignore any friend requests or messages appearing to come from them. Have you ever wondered how this happens? Have you ever wondered what the people behind these clones are actually trying to gain?

Most of the time, Facebook accounts aren’t hacked; they’re cloned. Someone has created a new profile using your name and photo. They then send friend requests to people on your friends list and send weird-looking messages.


Over the weekend two of my friends posted that their accounts had been “hacked”. Both found out about the clone through friends who notified them that they’d received either a message or another friend request.

How do they get your photo? It’s easy. Just right-click on your public Facebook profile photo and then save. When they create a new profile, they upload your photo as their own and choose your name. If your “Friends List” is public, they’ve looked at it and sent friend requests to most, if not all, of the people on it.

So it’s easy theft. Bad guys don’t have to go through Facebook to set up a new account the way we all did. I did a quick Google search and found thousands and thousands of Facebook and Instagram logins for sale on the internet along with friends lists. Most accounts were created overseas. For less than a dollar, someone can purchase two or three Facebook logins and passwords and then create whatever type of profile they want.

Have you ever wondered what the bad guys hope to gain from cloned profiles? 

They’re hoping someone clicks on a link in a message they send to your Facebook friends, who may be tricked into thinking it’s actually coming from you. These are odd messages such as “Is this you?” or “Check out this video”. The link might install malware to steal information or even ransomware that encrypts everything on your computer. They’ll ask for money in Bitcoin to get it back. Ransoms are generally several thousand dollars. The bad guy promises to un-encrypt your hard drives so you can retrieve photos and everything else on your computer.

Cyber criminals are evil geniuses.

What happens if you don’t have the money? Some cyberthieves offer to undo their dirty work for free if you agree to send the ransomware to three other people. In a sense, it’s not 200 thousand bad guys we have to worry about but nearly 8 billion people around the world. That’s evil genius, wouldn’t you say?

Here’s another tactic they use: My friend whose profile was cloned soon received some “helpful” comments on her post, telling her and others to contact someone who can recover their account. The person who can “restore your Facebook account”, they say, can be reached on Instagram or WhatsApp. My friend didn’t know the people leaving the comments, so they are likely behind the cloned account. I did some digging.

One of the people who left a comment was named Gold Clinton. When I clicked on her profile I found she has no Facebook friends and only a couple of posts which were pictures of food. I searched for her profile photo using www.tineye.com and found her profile photo is actually a photograph of Tricia Cusden, an author of a book about beauty secrets. The cyber-bad guys copied and pasted Ms. Cusden’s online photo to create a fake account to advertise another scam.

That’s the bad guy’s MO, method of operation. Armed with that information, your next questions are probably “How do I protect my account?” and “What should I do if my Facebook profile has been cloned?” We’ll talk about that next time. You don’t want to miss it.