Attack of the (Facebook) Clones?
A number of Facebook users have reported over the last few months that their Facebook profiles were cloned. Sam Cowen interviewed me on Talk Radio 702 and you can listen to our discussion on the EWN site.
The profiles cloned tend to be South African users’ profiles and it is not clear what the purpose of this cloning wave is. What seems to be happening is the following:
- Facebook users tend to receive friend requests, seemingly from existing Facebook friends (despite having friended them already);
- The requests seem to emanate from legitimate Facebook profiles so many users initially accepted the friend requests;
- The users who appeared to send the friend requests subsequently discovered that their profiles had been cloned (or copied) and that the cloned profiles were sending friend requests to their Facebook friends, whose profiles were in turn cloned and whose friends were then contacted by the clones;
- Cloned profiles seem to be blocking authentic profiles, which means the authentic users can’t see the cloned profiles and report them, so reports about cloned profiles usually come from users’ friends who query the new friend requests with them;
- Cloned profiles include photos, posts and other profile data gleaned from the authentic profiles and this seems to depend on how much profile data and content is visible to the cloners when they create the cloned profiles.
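The pattern in the list above can be checked from the recipient's side, since the authentic user is blocked from seeing the clone. The following is an added example, not code from the original post: it flags incoming friend requests that reuse an existing friend's name under a different account. The `Profile` fields, account IDs and photo digests are hypothetical and constructed for illustration; they are not Facebook API fields.

```python
import unicodedata
from dataclasses import dataclass


@dataclass(frozen=True)
class Profile:
    account_id: str        # hypothetical stable identifier
    display_name: str
    photo_hash: str = ""   # hypothetical digest of the profile picture


def normalize_name(name: str) -> str:
    """Fold case, Unicode compatibility forms and spacing so look-alike names compare equal."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())


def flag_possible_clones(friends, requests):
    """Return (request, matched_friend, reasons) for requests that imitate an existing friend."""
    by_name = {}
    for friend in friends:
        by_name.setdefault(normalize_name(friend.display_name), []).append(friend)
    known_ids = {f.account_id for f in friends}
    findings = []
    for req in requests:
        if req.account_id in known_ids:
            continue  # the genuine account itself, not a second copy of it
        for friend in by_name.get(normalize_name(req.display_name), []):
            reasons = ["name matches an existing friend under a different account"]
            if req.photo_hash and req.photo_hash == friend.photo_hash:
                reasons.append("profile photo identical to the existing friend's")
            findings.append((req, friend, reasons))
    return findings


# Constructed sample data
FRIENDS = [
    Profile("acct-1001", "Thandi Mokoena", "ph-aaa"),
    Profile("acct-1002", "Pieter van der Merwe", "ph-bbb"),
]
REQUESTS = [
    Profile("acct-9001", "thandi  MOKOENA", "ph-aaa"),            # same name and photo
    Profile("acct-9002", "\uff30ieter van der Merwe", "ph-zzz"),  # fullwidth "P", new photo
    Profile("acct-9003", "Lerato Dlamini", "ph-ccc"),             # genuinely new contact
]
```

A request flagged this way is a prompt to confirm with the existing friend through another channel before accepting it.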
A Very Unscientific Survey
I conducted a short survey to test some of my assumptions about the cloning. The survey asked three questions:
- Was your Facebook friends’ list publicly visible?
- Did the cloned Facebook profile (the copy of your profile) contain any content or information you did not share publicly?
- How well do you understand your Facebook privacy settings?
The responses are interesting:
Why Is Facebook Cloning Happening?
It’s not clear yet what the purpose of this activity is. There are a couple theories though.
Likes for Sale Theory
One theory is that the cloners are creating large networks of seemingly legitimate profiles that are connected to each other and engage with each other. All of the activities you engage in on Facebook give Facebook valuable information about your preferences, your friends’ preferences and the nature and extent of your digital relationships with each other and brands. By creating cloned profiles and connecting them through friend requests, the cloners are likely creating seemingly credible profiles that may not be readily identifiable as fake (at least not by Facebook).
What they could be doing is something similar to the recent fake Twitter followers scam although with a view to selling a number of guaranteed likes to brands who would like to give their Pages a popularity boost. This sort of model has been around for a while and wouldn’t be surprising. The difference between the Twitter #fakefollowers schemes and Facebook cloning is that Facebook’s social graph-based ranking and assessment model likely creates opportunities for cloned profiles to be viewed as legitimate whereas fake Twitter followers seem to be fairly quickly identified and removed from the system.
Another possible reason for the cloned profiles is to use cloned profiles as a means to impersonate legitimate users elsewhere on the Web and, possibly, offline using Facebook profiles as a form of authentication. Whether this works will depend a lot on how much personal information is accessible to the cloners and there are two broad possibilities:
- Personal information (for example, phone numbers, birthday and anniversary dates and address details) that is visible to “Public” is inherently insecure and open to misappropriation even if the cloners don’t clone your profile (there is an interesting argument for better identity security through more open disclosure, although this needs to be handled carefully); and
- Personal information only visible to “Friends”, for example, will still be accessible to cloners who successfully friend you so look carefully at any suspect friend requests.
Another theory which is related to the Likes for Sale Theory suggests that the value in creating these networks of cloned profiles is in the personal data they contain and which could be used to target ads at the authentic users in some way (possibly outside Facebook using phone or email details). Whether this method works would also depend on the same sorts of considerations in the Identity Theft theory.
What Can You Do About This?
Because it isn’t clear precisely what the cloners are doing, it may not be possible to prevent their activities completely but here are a few suggestions which should help you better secure your Facebook profile and probably help thwart the cloners to a degree too.
Adjust Your Security Settings
First, go to your privacy settings:
Once here, consider changing the privacy setting for past Facebook posts. This option will make it more difficult for cloners to create a convincing clone of your profile if you haven’t friended the cloned profile:
Next, open your security settings:
Consider enabling the following security settings:
A variation of this is the code generator option, which enables you either to use the Facebook app on iOS or Android to generate a unique code to authenticate yourself or to use a third-party code generator like Google Authenticator to generate a time-sensitive code for the same purpose.
Adjust Your Profile Privacy Settings
Next, you should consider modifying your privacy settings for your friends list and profile data. To do this, go to your Timeline (click on your name in the top Facebook bar), go to your friends page and click on the pencil icon:
Select the option to edit privacy and check the following settings:
Once this is done, close the window and go to your “About” page in your profile and check the following settings:
Know Your Privacy Settings
These cloning activities highlight the importance of familiarising yourself with your privacy and security settings and managing your privacy settings to suit your preferences.
The smart young people at htxt.africa also have a couple suggestions which are worth exploring: