I accepted a fake Facebook friend request, should I be afraid?

Filed Under: Facebook, Malware, Privacy, Social networks, Spam

Should you be afraid if an imposter duplicates a friend's Facebook account and connects with you on the social network?

That's the question I was asked on Twitter this weekend, and I thought rather than try to squeeze my response to Michael into 140 characters it probably warranted a few more bytes worth of attention.

The short answer as to whether you should be afraid or not, even if you have since unfriended the bogus user, is "possibly".

First things first, why might someone have created an account in the name of somebody you know and attempted to trick you into accepting them as a friend? Here are some possibilities:

  • Stalker. We don't know who it is who is trying to enter your circle of friends on Facebook, but it could be someone who wants to track your activity without you knowing. Possibilities include a jealous partner you've fallen out with, a rival in love or business, or simply someone who has an unhealthy crush on you.

    Whatever their motive, someone stalking your online activities and able to read your newsfeed without your permission is creepy. Imagine, for instance, the possibility of coming to harm if you are using a service like Facebook Places which allows other users to determine your physical location.
  • Identity thief. Your bogus Facebook friend may be interested in your profile because of the information you might be sharing up there.

    In the past we've discovered that many users are all too willing to share a dangerous amount of personal information with complete strangers on Facebook - such as their full date of birth, email address, and phone number. This is all information that could be useful to identity thieves.
  • Spammer/Malware author. You're more likely to open a message from a Facebook "friend" than a complete stranger, because you implicitly trust the person you believe has sent you the message. Therefore, if a bogus Facebook friend sends you a link to a webpage with an alluring enough title, you might well click on it.

    Don't be surprised if you're taken to a webpage containing adverts for improving your sexual performance, or a website carrying a malicious Trojan horse, a rogue Facebook application that tricks you into taking a survey, or even a bogus Facebook login page that attempts to phish your password from you.
  • Scammer. As well as the malware, phishing and spam shenanigans described above, one confidence trick we often see imposters performing on Facebook is the "stranded in a foreign city" scam. Although these can occur when a genuine friend's Facebook account is taken over by a scammer, it's also possible for fraudsters to create an account in the name of somebody you know with the intention of tricking you into wiring them money.

So, imposters posing as your friends on Facebook can use the tactic to keep tabs on you, to steal personal information from you, and to try to spread malware and spam.

But more than that, they can use your acceptance of them into your network of friends as a springboard for connecting with others on Facebook too. For instance, imagine Bogus Ben manages to trick you into becoming Facebook friends with him. Bogus Ben can then approach your other friends, and the fact that he is already linked on Facebook to you effectively endorses him to them.

Don't forget that anyone can create an account on Facebook which uses a bogus name, and scrape together some personal information and a photograph to make it a convincing fake identity to trick you into accepting their friend request. Websites like FriendsReunited and Classmates have made it easy to work out who individuals might have known years before, and give imposters a head start as to who they might want to pose as.

Of course, stalking, spamming, spreading malware and identity theft can all occur on Facebook without creating a bogus account. It's also important to realise that cybercriminals have often hijacked genuine users' accounts to spread these sorts of attacks too. So you may already have added a legitimate friend to your network on Facebook, only for their account to later begin to send you, for instance, spam-laden links.

But to go back to the original question - should you be afraid?

Well, that rather depends on what information you share on your Facebook page, or whether you clicked on any links or ran any applications promoted by the imposter.

If you find that you've befriended a false Facebook friend, unfriend them immediately and warn your genuine friends about what happened in case they have also added them to their network. You should also check out our tips for better security and privacy on Facebook to make sure that you are following best practices to defend your account.

One thing you definitely need to learn is that it's sadly just not possible to tell if you should accept someone's friend request on Facebook just because you recognise their name. Everything on Facebook can be faked, and so the only way you can tell if a friend request was genuine or not is to speak (yes, in real life!) with the person who is trying to add you as a friend.

Otherwise, it might be an imposter, and their motive might vary from mischief to malice.

If you want to learn more about threats on Facebook, join the Sophos Facebook page where more than 100,000 people are benefiting from early warnings about the latest attacks.

20 Responses to I accepted a fake Facebook friend request, should I be afraid?

  1. Maureen Chantalle · 1276 days ago

    I managed to share the link on fb just fine :)

  2. MikeA · 1276 days ago

    I think it's worth bearing in mind that there may be a number of people with the same name(s) on FB. Certainly it's suspicious if they duplicate the information/picture of a friend, but it's just possible that there may be an innocent explanation.
    In ANY case, it's worth looking carefully at ANYONE'S information before accepting a friend request.

    • KKM · 205 days ago

      MikeA - you are well wrong little man. There is NO legitimate reason for anyone to set up an account in someone else's name and using their photos. In most jurisdictions that is already identity theft.

  3. Steve · 1276 days ago

    Let me guess "this page has been identified as spammy"

    I had the same thing trying to share the warning about apps that claim to show who viewed your profile.

  4. mydailysoapbox · 1276 days ago

    I was blocked from posting as well.

  5. mydailysoapbox · 1276 days ago

    You have to post using the link not the share button on this page. Once I posted with the link, it was fine.

  6. Tim · 1276 days ago

    I just tried to post this information on FB, and got a blocked message notification that this page has been reported abusive. Maybe you're really getting the attention of the FB folks big time now.

  7. Thanks for the reply, it's much as I thought. I will be closely monitoring Facebook to see if my account gets duplicated in the same way.

    I should add that the "mark" in this case was a woman in her 50s (60s?) and at the time I felt that it was plausible that she could have misplaced the details of her old account and started a new one from scratch.

    The imposter had registered a yahoo.com account in her name, and presumably used this to register the facebook account.

    I guess this means that if you get a friend request from someone you're already friends with, check with them first to make sure it's legit!

  8. Thanks to everyone who reported this to us. We got in touch with Facebook who appear to have resolved the issue. You should no longer be blocked from sharing this and other pages on Naked Security.

  9. Just ignore whatever freaky things that fake profile says, then it's safe. But I think you should remove that fake profile unless you want to increase your friends =P

    Hit Facebook spam apps on the face, block'em

  10. Thu Win · 1199 days ago

    Or the easiest way to verify "friend" request is to phone/talk/contact your friend directly and ask her/him to add you via the Facebook shortcode (ie link to your profile) or vice versa.

    I always add "strangers" to a special "restricted" group until I can verify them personally.

  11. David Smith · 1166 days ago

    On the topic of accepting a fake friend request - the novel, The Friend Request by Alex Ford, deals exactly with this topic. It's worth checking it out

  12. sandra · 1151 days ago

    uhhh should i be worried cuz im friendz with this girl named ashlee smith and i have no idea who she iz 2 make it even more suspicious 4 of my geniune friendz that i knw in real life are friendz with her 2. she claimes she works at red lobster and is living in irving tx i live in sherman tx so of course i wouldnt knw her im just not sure of what 2 do??

  13. My suggestion would be that if you don't know them, unfriend them!

  14. Joanna · 1085 days ago

    One thing that comes to my mind is, the imposter has most likely had access to the user's photos. Most FB users have their photos shared with friends. So it's possible that some of those photos are used on future scams. Most users have tagged or at least named the persons on their photos and so on, so it's easy to create another bogus account with the right name and even add the right face on that account.

    That's a scary thought. Makes it way harder to know when you're really accepting a real or fake friend-invitation. Careless surfer may so easily get screwed so many ways online. Be careful people, and don't share too much information of yourself.

  15. Theresa · 1085 days ago

    I would go further and Block them as well.

  16. d strain · 1085 days ago

    someone set an account up in my daughter's name and caused a lot of bother this person even had a pic of a yorkie it made family and friends believe it was my daughter. once the friend request was accepted this person caused a lot of bother my 11 year old was hated by lots of people till they realised it was a bogus account as of she is no longer on fb

  17. ron · 1081 days ago

    LinkedIn is another of these things people invite me to join known & unknown but it is not possible to see anything on site unless you are a member which is too late if you find something you don't like so I always say no.

  18. J~R~S · 899 days ago

    My ex-boyfriend is stalking me in person and on FB. He is sending fake friend requests to my friends of friends. I have reported him and blocked him but it still happens every day. I have also had friends of mine go to his acct. and report him. I've done this many times but apparently FB does not care.

  19. yasssine · 27 days ago

    LinkedIn is another of these things people invite me to join known & unknown but it is not possible to see anything on site unless you are a member which is too late if you find something you don't like so I always say no

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.