Watch CBS News

Impostor scam cons your Facebook friends

Do you know -- really know -- all of your Facebook friends? If not, you could become a victim of a scam that clones your Facebook account to hijack your friends' computers and personal information, according to the Better Business Bureau.

Generally the scam hits people who have loose privacy settings or are open to accepting loosely connected friends -- friends of friends; work associates; anyone that you don't know well. 

How it works is simple: You get a friend request from someone who you think is legitimate because they have mutual friends, work for your company, or, perhaps, are an alumnus of your school. And you decide to welcome them into your Facebook world.

However, by adding them to your roster of friends, this new person gets access to your photographs, listing of your other friends and other personal information about you. They use that to copy your photos, status, personal information and create a new Facebook account where they pose as you.

The impostor then starts friending your friends, who would have no reason to suspect that the friend request was coming from anyone but you. After accumulating enough of your unsuspecting friends to strike, the impostor will start doing one of three things: Ask for money -- "OMG. I'm overseas and was just robbed! I don't even have enough to get home!"  Or they might start promoting bogus business opportunities, such as work-at-home scams or some multi-level marketing opportunity. But the most pernicious crooks will start sending messages that link to sites that load malware onto your friends' computers.

The money requests are the easiest to combat, unless your friends are particularly gullible. Chances are, they'll pause and, hopefully, give you a call or text message before running down to Western Union to wire money. And, hopefully, they won't send money to launch a new at-home business or get into another "opportunity" either. The simple advice here is never take a job that requires you to pay them. It's a waving red flag that the job offer is a con.

The malware sites are another story. They entice you to click on a link to see "a funny video of you" or an embarrassing photo. Naturally, when the friend clicks on the link, there's no video or photo. But going to the site allows the site to load malware onto the victim's computer. The most toxic of the malware sites load keystroke detection software into your friends' systems, which can record user names and passwords for all of your friends' online accounts.

Combating this fraud can be challenging, particularly for those who already have large, unwieldy accounts with hundreds (or thousands) of friends. However, you can reduce the risk of getting scammed by being judicious about accepting new friends -- even from people you think you know.

Many of these scam accounts are being opened by overseas con artists, who count on your carelessness. Fake accounts and posts often include typos and grammatical errors. Before accepting a friend request, look at the site and ask yourself whether the language and tenor of the site is consistent with that friend's nature. If not -- or if you don't know the person well enough to know -- pass on the friend request. 

If you’re uncertain, go old school and give your friend a call. That might save you both from being scammed. If the request came from an imposter account, the real owner of that name and profile can ask Facebook to eliminate the imposter account. But, of course, you can’t do that until you find out that it exists.

Meanwhile, also pause and think before clicking on a link. While some links are clearly labeled as being to a legitimate site, the ones that have no label should be approached with caution. Again, check before clicking by sending your friend a personal message to ask where the link goes or what the picture shows. Chances are good that your friend didn't post the link. 

And certainly never send money to someone who contacts you via Facebook or email. Know that if your friend was really robbed overseas, they could call you. Or go to the U.S. Embassy and get help. If they had a great business opportunity and knew you were looking, they'd also likely call or message you personally. But know that any business that asks you to pay them before starting is likely to be a scam. Check out the business with the Better Business Bureau before sending anyone a check.

In today's age, anti-virus software is also a must. If you don't have it on your computer, get it. Buy it from a legitimate company like McAfee or Norton. Keep it updated. It's worth the annual subscription cost.

Finally, if you discover an impostor account, report it to Facebook. This happens frequently enough that the site has an online procedure for reporting bogus accounts that you can complete in a matter of minutes. By getting the impostor shut down, you might just save your other friends a ton of inconvenience.

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.