Shouldn’t Facebook Provide Better Resistance to Cloned Accounts?
This is a real request, not just a gratuitous blog post. A friend of mine has been attacked on Facebook. Her account has been cloned. I’m way too busy consulting this week to drop everything and track this down, so I’m appealing to my “security social network” for help. Have any of you security genius connections out there (or my new friends-to-be) had any experience getting rid of cloned Facebook accounts?
This is my first encounter with Facebook cloning, but per this blog post I found by Jannie Ruppersberg on the subject:
“Facebook profile cloning is a type of identity theft where dodgy characters literally make a second profile that looks exactly like your current one….With this cloned profile they then join and like all the Fan pages and groups you belong to. They even go as far as copying your latest posts or comments. They do all of this to give this cloned profile the exact same look and feel as the real one making it very difficult to spot it as a fake.”
Per the post, the only way to get rid of a cloned account is to be logged in as the victim, go to the cloned page and report the problem to Facebook from there. That still seems to be true, according to some “support” I found on Facebook’s site.
But according to Ruppersberg, that doesn’t work very well: The hacker can “view your real profile with the fake account and simply [click] on Report/block. Once this is done you will never be able to see this new profile and won’t even know of its existence! They can now do anything they want on Facebook AS YOU without you knowing that they even exist!”
It seems to me that Facebook should provide a better solution than this. Don’t you think? Why can’t the company use its powerful analytics to protect users from cloning and invest in an account dispute resolution process the lawyers can sign off on? If you’re from Facebook and reading this, you really should comment here, or reply to one of the tweets or LinkedIn posts I’m going to send so that we can get the word out on how to solve this problem.
If you’re not from Facebook – this is as far as I’ve got. And I’m so busy I woke up at 3:52 AM this morning to work. Please help with any information so that I can solve my friend’s problem. I don’t like it when my friends get bothered by cyber-criminals or cyber-nuisances…
I wouldn’t personally follow Ruppersberg’s advice to “get off Facebook” because of this. At least, not yet. If your account hasn’t been cloned (yet?), the best antidote may be to follow the instructions at this URL to set your friend list to “only me.” This makes it harder for cloners or other attackers to discover your friends and bother them, or attack you through your friends.