Has my Facebook been hacked or is it an impersonation scam? It is important to understand the difference between the two.
Many Facebook users are told by their friends that their Facebook has been “hacked”. Sometimes this is because the friend received a new friend request from them even though they are already Facebook friends. Other times the friend received a “message” from them that didn’t seem quite right.
This leads to the user questioning their account and device security, as well as affecting their peace of mind.
There are many misunderstandings between a hack and an impersonation scam. Users need to understand the signs and symptoms of these scams, and how to deal with each of them.
What exactly is a Facebook impersonation scam?
This scam begins with someone creating a Facebook account using the same name and picture of an existing user. To do this the scammer does not need access to the account of the person they are pretending to be.
The scammer will usually take a user’s main profile picture, or another public picture, and set it as the profile picture for the fake account using the same name.
The scammer uses the friend list from the original account (if it is public) to try to add friends to this faked account. This makes it look like the friend request is from the impersonated person.
If someone accepts a friend request from a fake account, that account can then send Facebook Messenger messages to them. Those messages will often be a scam.
What is an actual hack?
If your friend receives a Facebook Messenger message, and the message looks suspicious, your account may actually have been hacked. This means that someone was able to get into the Facebook account by discovering your password, and sent messages to your friends.
These messages are often fairly vague and contain a link of some sort. Sometimes they ask for money or to view a photo or video. The message is meant to bait a person into a reaction and cause a user to click a link.
Users who click these links can then be subject to scams, phishing, malware and viruses. Clicking these links and interacting with what comes up is when a user can compromise the security of their device.
Realizing the Signs and Symptoms.
The first realization of a problem could be if you receive a friend request from someone who is already your friend on Facebook. The request must be coming from a different source than your friend. The scammer has no access to your friends actual Facebook account.
When a fake account is found, users should click on the name and use the report tool in the three dots. Choose the option to report that the user is “impersonating someone else” and then choose the secondary option of either my friend, or me as appropriate. Do not accept the request.
It is important that users notify friends if someone is impersonating them, and not accept the request or click on anything that is being sent. Anyone can report a fake account, and Facebook usually deletes them fairly quickly.
If you get a Facebook Messenger message from a friend, you can see if it is actually from their Facebook account. Friend’s messages are prominently displayed.
Note that you can also get a message from someone you are not friends with. Those messages will be located in a completely separate area of Messenger. This Lifewire article shows how to find FB Messenger messages from non-friends.
A strange Facebook Messenger message from a friend could be an indication that someone has gained access to their Facebook account. Notify your friend using another non-Facebook method, so that they can change their password for Facebook. This will lock the scammers out of their Facebook account. They should also notify their friends in Facebook to ignore any recent messages.
If you have recently accepted a friend request and are now receiving a strange Messenger messages, the “friend” may be a faked account. Do not click on any links, and report the fake account.
Although users can be fairly confident that fake accounts do not compromise their account security, they can still take steps to ensure their account isn’t at risk.
Use the Facebook search bar to look up your own name if you think someone has impersonated you. In most cases a fake account will look very similar to your own. Fake accounts generally have very few friends. You will also have the option to “Add friend” even though the account looks like it is yours.
If you have any doubt, change your password, and be sure 2FA is enabled. When changing your password, Facebook will offer the option to log other devices out. Use this option to make sure any hackers are blocked from your account. Use a unique and complex password.
Facebook also provides device tracking, login alerts, security checkups and tons of other security features to be sure an account remains untouched. This is all controlled through the Meta Accounts Center.
Additionally, If you have specific questions about Facebook Being Hacked vs Impersonation Scams, or if our terminology isn’t clear, please use our contact form to send us a message. Thank you!