A common Facebook social engineering or fraud tactic is to pick someone with friends you want to target, copy their Facebook profile entirely, and then start friending their friends one by one, until your new profile looks completely authentic. In the past, it was easy to get rid of these fraudsters by just reporting their account (click on the “…” in the upper-right of their profile, and then click “report”). But they’ve gotten smarter. Once the fraudsters realize you’re onto them they now block you, and you can’t access that account to report them any more – this is a flaw in Facebook’s system that I think needs to be fixed.

The problem happened with a distant cousin of mine. I received a friend request from him, and I had forgotten I even friended him. I’ve also had it happen with a few friends of mine where I had just thought they unfriended me and were changing their minds. Out of habit, I accepted the friend request, and immediately the fraudster (go report him!) messaged me as my cousin. He started asking me about some sort of military retirement plan – my grandfather, who served in the military, has the same name as me so I thought my cousin was just mixing me up with him.

Before I knew it, I realized it wasn’t the real cousin of mine. A quick look at the profile of the individual I was talking to confirmed such (there was only one update on their profile), and I called him out on it. Next thing I know, as I was just about to report it, the profile is gone – I thought it was a success and Facebook had discovered the impostor. I was wrong!

It turns out Facebook has a flaw where fraudsters like this can block you, removing your ability entirely to report them, and making it even harder for Facebook to identify these fraudulent accounts. He’s now harassing other family members of mine, the ones that don’t know how to report him. It’s actually a pretty smart move for a social engineer. So how do you protect yourself?

There a couple things you can do first, to protect yourself, and second to report these individuals:

  1. Don’t friend people you don’t know in real life! If you want others to follow you, go to your “Friends” page (see instructions in step 2), and click on “Followers”, then enable the follow button there. You can then use Facebook privacy on your posts to enable some posts as public for your followers and others just for your friends. The fraudster may not even be someone you know, and this is an easy tactic for social engineers to gradually get control of your profile, your Facebook Pages, or even your money. They just have to make you think they’re your friend!
  2. Mark your friend list to only be visible by a specific Facebook list you’ve identified as “trusted”. This is tricky, because it’s not in the normal Facebook privacy settings. You can do this by going to your Facebook profile (click on your name in the upper-right), and then clicking on the “Friends” link to take you to your list of Facebook friends. In the upper-right of that, click on the little pencil/edit icon, and select “edit privacy”. Now you’ll be given the option to select who can see your list of friends – in this area you want to select either just your friends, or get even narrower with a list of “close friends” you trust even more. When you’re in my friends list, you’re protected. You should protect your friends too.
  3. If you’ve previously friended the individual friending you before, look back at their profile to see how many posts they have. Usually the impostors only have one or two posts. They may have the same friends though. Also, search for the friend, and you’ll now see 2 profiles. Don’t accept this individual’s friend request! And that brings us to my final suggestion.
  4. Report the individual! Assuming they don’t block you, you can do this very easily by going to their profile, clicking the “…” in the upper-right, and then select “Report”. Select the appropriate categories and make sure you check the box to report to Facebook. The more of these Facebook receives, the faster the impostor will go away. Get all your friends to do this – it works!

    If the individual has blocked you, it’s not as easy (and something Facebook really needs a better solution for if you ask me). It took me about 5 clicks to finally find the form using Google Search (and good luck finding it directly on Facebook). Just go to this link, fill out the form, and they’ll be reported: https://www.facebook.com/help/contact/274459462613911

Unfortunately, there are many of these fraudsters that get away with what they’re doing, constantly harassing individuals and their friends because they don’t know how to get rid of them. Many older individuals end up just removing their Facebook accounts. Some go to the extent of removing all their Facebook account and opening a new one, erasing years of history with the individual.
Facebook really needs better solutions around this, but for now I hope this article can help you. Oh, and if you get a chance, go report this fraudulent profile for my cousin!: https://www.facebook.com/bill.stay.1