Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Could Someone Set Up a Fake Facebook Account in My Name?

There can be more than one.

Fake Facebook
Facebook identifies accounts with an email address, and tries to collect email addresses of friends. That can lead to fake accounts and unwanted invitations.
Question: I avoid Facebook. There are too many problems associated with it, plus it’s just not my thing. However, I have received email invitations (whatever that is) and I’ve deleted them. One person sent several over a few months. Do they get paid to recruit accounts? The invitations were from people that rarely if ever email me that have somehow retained my email address. But I digress. Can someone create a Facebook account in my name without my permission or knowledge? How do I check for any? What unique identifier does Facebook use? An email address? If found, how do I delete an erroneous account in my name? Obviously, if I didn’t create an account, I have no idea what the password is (assuming Facebook requires accounts to have passwords).

Yes, someone can create a Facebook account in your name without your permission or knowledge.

But there’s a lot more to your question.

Let’s work it in reverse order.

Become a Patron of Ask Leo! and go ad-free!


Fake accounts on Facebook

Facebook uniquely identifies accounts by email address. The owner of that email address must confirm via a message sent to that address. Facebook accounts can be, and often are, created with different email addresses, but with the same name, profile picture, and more, in an attempt to impersonate the original account holder. You can, and should, report to Facebook any accounts that appear to be impersonating you.

Facebook accounts

A Facebook account is no different than any other online account. Your “unique identifier”, as you call it, is your email address1, and you are required to set a password on the account. You log in to your Facebook account with your email address and password.

When you associate an email address with a Facebook account, you must verify you actually own that email address. Facebook sends an email to that email address, containing a link you must click to confirm that ownership. While you can associate multiple email addresses with a single Facebook account (a good idea for account recovery), you cannot use the same email address on different Facebook accounts.

Most importantly, you can’t use an email address with a Facebook account without the owner of that email account clicking the link to confirm it’s what they want. Put another way, no one can open a Facebook account using your email address unless you click the confirmation link to confirm it. (Unless, of course, your email account has been hacked, in which case you’ll likely have other problems.)

Facebook impersonation

What people can do is create Facebook accounts in your name using some other email address. It’s not your email address that was used; it’s someone else setting up their own Facebook account and making it look like you.

It’s very easy to set up imposter accounts on Facebook. Somebody can set up an email address using a free email service like or Gmail, and then create a Facebook account using your name and other information.

If you have a Facebook account, they can also use anything that’s publicly visible to make their account look more legitimate. If they can see your birthday, your location, your associations, likes, and follows, they can use all that. They can even make copies of and use any photos — including your profile photo — if those are publicly visible.

Even if you don’t have a Facebook account, they can use any information they know or are able to find to make their fake account look more like the real you.

And, to be extra clear, since it’s not using your email address, it’s not your account, and you have no control over it — even if everything in that account looks to be like you. The best you can do is report the imposter account, hope Facebook will help, and warn your friends there’s a fake ‘you’ on Facebook.

This kind of impersonation is, unfortunately, relatively common, and sadly, there’s little more you can do about it.

You should definitely contact Facebook; they have a Report an Impostor Account page.

If it starts to cross the line into illegal activity, defamation, or worse, you can try to contact law enforcement. (Just be forewarned that law enforcement has little time for this type of thing, and often very little expertise.)


Invitations — from Facebook or any other service — are nothing to worry about.

All an invitation means is that someone has your email address and can send you email. That’s it.

Given the number of people with whom we share our email address so they can send us email, it’s no surprise that those email addresses make their way into online services like Facebook, who would love for us to have an account.

There’s never been a bounty that I’m aware of, but there is an . . . interesting . . . technique that is also not unique to Facebook.

Sharing contacts

When people create an account with Facebook (and many other services), they’re often asked to share their contacts with the service. This contact list can be used in either of two ways:

  • It can be used to identify your friends who already use the service. Since email addresses uniquely identify users, and your contact list is full of email addresses, all the service needs to do is see who already has an account and connect the two of you, or at least recommend the connection. This is what most people expect when sharing their contacts with a service, and is the way that most “please share your contacts” requests are worded: as a service to you.


  • It can be used to identify the email addresses of all your friends who don’t use the service. The service can then send them all invitations to sign up for accounts. Many people consider this spam, and it’s the biggest reason not to share your contact lists with online services.2

So, other than a little spam, there’s nothing really underhanded about invitations you receive. It’s just the service being a little over-aggressive trying to recruit new members.

As long as somebody isn’t actually trying to impersonate you, the best thing you can do is delete the invitations you get.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

Podcast audio


Video Narration

Footnotes & References

1: Or, I believe, your mobile number.

2: At least until you’re certain they won’t spam your friends without accounts.

Footnotes & references

3: Or, I believe, your mobile number.

4: At least until you’re certain that they won’t spam your friends without accounts.

17 comments on “Could Someone Set Up a Fake Facebook Account in My Name?”

  1. I NEVER let Facebook have my address book. I just don’t trust them. Besides, even if they don’t do anything other than send invites, why do I need to send invites to everyone in my address book? Some are work related.

    Even if you don’t plan on using Facebook, I suggest that you set up a Facebook account. While it doesn’t necessarily prevent impersonation, it might make it more difficult to impersonate you.

    Besides that, I believe that once you have an account, if you get an invite that you are not interested in, you can tell Facebook to block the person sending the invite from sending any more invites.

    • Facebook is not the only one that does that. Many other “social” sites like Linked In also naggs and tries to sneak into your address book. Many “cute – click on this” items in facebook do not make it clear that using their site has a relatively hidden requirement that you allow them to access your list of emails.

  2. Thanx for another excellent article, Leo.

    Another small note is that there are lots of people with same names. There could be 597 facebook accounts with the name ‘Jane Madison’. Twelve of them might live in Anchorage, AK. A few might have other interests in common, like fishing, reading sci-fi, and watching the ‘Red Green’ show. Only the email address is unique. And even that can be similar.
    If someone has a facebook account under the email Jane123 @, there’s nothing to prevent someone from opening an email called Jane1234 @, and then opening a facebook account, or any other type of account, with that email.

  3. Leo,
    I see you still have a Facebook page so you’re not totally avoiding it. A few years ago you even had Facebook Fridays where your fans could ask questions about anything computer related. I wish you’d bring that back because you had easy to understand answers. In some cases I waited for that to ask a question instead of calling tech support and spending an hour trying to explain my issue to someone that had a difficult time speaking or understanding English. So I don’t think you’ve given up totally on Facebook.

  4. I don’t see how someone would be able set up a Facebook account in someone else’s name since according to their website they now require new accounts to provide identification such as a driver’s license.

    • I haven’t heard about that yet. Maybe I’ll experiment around with that and see how it works. (Not hijack someone’s name but maybe try with a fictitious name and see how Facebook does it.)

      • You tweaked my interest so I did some research. In response to the widespread negative publicity, FB apparently revised their procedures lately; appears currently it’s possible to set up an account with just a name and valid cellphone # or email plus DOB.

        However, if anyone should — for any reason — report the account as “fake” (which is sometimes done to silence differing views); or if their system flags it as possibly “fake”, FB will then log you out and begin asking for more, it may be a phone # if you’ve given email; you give a valid phone # and click “next” and they now want a photo. They may then tell you they are going to “verify” the photo (whatever that means) and sometimes that’s the last you hear from them.

        After years of being on the site, some folks have reported losing access to a friend network they have laboriously built up over months or years. I’ve read a few comments that even after people have given valid ID that hasn’t been good enough. With that kind of hawkish climate, I would imagine it would be difficult to try and impersonate someone else on that site.

        Zuckerberg made the news when he was quoted calling trusting users “dumb f’s” for trusting him with their data in 2004 (Business Insider). That just about summarizes FB for me. Unfortunately it’s nearly impossible to easily contact many businesses unless you do it via FB and become one of the “dumb f’s”.

        They go all-out to enforce their “real name” policy, because that is what the merchants prefer, having as much of your private info as possible, rewarding FB above others who have more user-friendly policies.

  5. The old technique of grabbing pictures and info from someones account , creating a gmail address, registering a Facebook account in the targets name then blocking them so they cannot see what your up to has largely disappeared since Facebook now require secondary account verification if you use a Free email like Gmail or the account gets disabled pretty quickly.

  6. I have a contact on my mobile phone who is listed by christian name only and they have a mobile phone, provided by their employer. Their Christian name, photo Etc often appears on on my facebook account, suggesting them as a friend or asking if I know them. The only contact I have with them, is by calling them on “their work mobile” from my mobile. Any suggestions as to how Facebook is linking them to a full name and photo

    • Not being a lawyer, this isn’t legal advice, but if you open a Facebook account for someone who asked you to do it for them and gave them the login and password, it’s their account and that wouldn’t be illegal. I’ve opened email accounts for friends and gave them the user name and password and told them how to change the password.

  7. Since this is an old post, I want to point out that Facebook security has been relaxing lately. Someone was able to copy all the info of my Facebook profile and made a new account under my name. When I reported it to Facebook as a “fake user account” Within 10 mins after “investigating” they shut the complaint down stating the routine ” sorry this doesn’t go against the guidelines” I was thinking umm yeah it should be against facebook policy to impersonate someone else account. Does anyone have insights on why Facebook is no longer truly investigate fraudulent accounts?

    • I haven’t had an account impersonating me, but I’ve been getting many friend requests from obviously fake accounts. They are accounts purportedly from women offering to have sex. Those accounts usually have only one post promising sex or some have the same post repeated several times, so it’s obvious that they are fake to anyone looking. Every time I report them, I get the message that Facebook has investigated and found those account don’t violate Facebook’s terms of service.

      The problem is that Facebook uses algorithms to determine whether those accounts should be deleted. From my experience, Facebook is the buggiest website on the Internet. I can’t understand how a company with so much money can have so many bugs which they fail to address for so long. My guess is that they don’t want to spend any money unless it affects their profits. They are a monopoly and aren’t answerable to the needs of their users.

      • So, it sounds like the “investigation team” is fully automated. There’s no way a human team actually checked these accounts personally. Some of these fake accounts are pretty obvious and wondered why Facebook didn’t do ID check when you have 2 exact same names. I did recall many years ago Facebook used to do that on a regular basis. So the only option for the users to report to their local law enforcement if the account involved any illegal action.


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.