Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

Could Someone Set Up a Facebook Account in My Name?

//
I avoid Facebook. There are too many problems associated with it, plus it’s just not my thing. However, I have received email invitations (whatever that is) and I’ve deleted them. One person sent several over a few months. Do they get paid to recruit accounts? The invitations were from people that rarely if ever email me that have somehow retained my email address. But I digress. Can someone create a Facebook account in my name without my permission or knowledge? How do I check for any? What unique identifier does Facebook use? An email address? If found, how do I delete an erroneous account in my name? Obviously, if I didn’t create an account, I have no idea what the password is (assuming Facebook requires accounts to have passwords).

There’s a lot to this question.

Let’s work it in reverse order.

Become a Patron of Ask Leo! and go ad-free!

Facebook accounts

A Facebook account is no different than any other online account. Your “unique identifier”, as you call it, is your email address1, and indeed, you are required to set a password on the account. You log in to your Facebook account with your email address and password.

When you associate an email address with a Facebook account, you must verify that you actually own that email address. Facebook sends an email to that email address, containing a link you must click to confirm that ownership. While you can associate multiple email addresses with a single Facebook account (a good idea for account recovery), you cannot use the same email address on different Facebook accounts.

Most importantly, you can’t use an email address with a Facebook account without the owner of that email account clicking the link to confirm it’s what they want. Put another way, no one can open a Facebook account using your email address unless you click the confirmation link to confirm it. (Unless, of course, your email account has been hacked, in which case you’ll likely have other problems.)

Facebook impersonation

FacebookWhat people can do is create Facebook accounts in your name using some other email address. It’s not your email address that was used; it’s someone else setting up their own Facebook account and making it look like you.

It’s very easy to set up imposter accounts. Somebody can set up an email address using a free email service like Outlook.com or Gmail, and then create the Facebook account using your name and other information.

If you have a Facebook account, they can also use anything that’s publicly visible to make their account look more legitimate. If they can see your birthday, your location, your associations, likes, and follows, they can use all that. They can even make copies of and use any photos — including your profile photo — if those are publicly visible.

Even if you don’t have a Facebook account, they can use any information they know or are able to find to make their fake account look more like the real you.

And, to be extra clear, since it’s not using your email address, it’s not your account, and you do not have control over it — even if everything in that account looks to be like you. The best you can do is hope Facebook will help and warn your friends there’s a fake ‘you’ on Facebook.

This kind of impersonation is, unfortunately, relatively common, and sadly, there’s little you can do about it.

You should definitely contact Facebook; they have a Report an Impostor Account page.

If it starts to cross the line into illegal activity, defamation, or worse, you can try to contact law enforcement. (Just be forewarned that law enforcement has little time for this type of thing, and often very little expertise.)

Invitations

Invitations — from Facebook or any other service — are nothing to worry about.

All an invitation means is that someone has your email address and can send you email. That’s it.

Given the number of people with whom we share our email address so they can send us email, it’s no surprise that those email addresses make their way into online services like Facebook, who would love for us to have an account.

There’s never been a bounty that I’m aware of, but there is an … interesting … technique that is also not unique to Facebook.

Sharing contacts

When people set up an account with Facebook (and many other services), they’re asked to share their contacts with the service. This contact list can be used in either of two ways:

  • It can be used to identify your friends who already use the service. Since email addresses uniquely identify users, and your contact list is full of email addresses, all the service needs to do is see who already has an account and connect the two of you, or at least suggest the connection. This is what most people expect when sharing their contacts with a service, and is the way that most “please share your contacts” requests are worded: as a service to you.

And/or:

  • It can be used to identify the email addresses of all your friends who don’t use the service. The service can then send them all invitations to sign up for accounts. Many people consider this spam, and it’s the biggest reason not to share your contact lists with online services.2

So, other than a little spam, there’s nothing really underhanded about invitations you receive. It’s just the service being a little over-aggressive trying to recruit new members.

As long as somebody isn’t actually trying to impersonate you, the best thing you can do is delete the invitations you get.

Podcast audio

Play

Video Narration

Footnotes & references

1: Or, I believe, your mobile number.

2: At least until you’re certain that they won’t spam your friends without accounts.

12 comments on “Could Someone Set Up a Facebook Account in My Name?”

  1. I NEVER let Facebook have my address book. I just don’t trust them. Besides, even if they don’t do anything other than send invites, why do I need to send invites to everyone in my address book? Some are work related.

    Even if you don’t plan on using Facebook, I suggest that you set up a Facebook account. While it doesn’t necessarily prevent impersonation, it might make it more difficult to impersonate you.

    Besides that, I believe that once you have an account, if you get an invite that you are not interested in, you can tell Facebook to block the person sending the invite from sending any more invites.

    • Facebook is not the only one that does that. Many other “social” sites like Linked In also naggs and tries to sneak into your address book. Many “cute – click on this” items in facebook do not make it clear that using their site has a relatively hidden requirement that you allow them to access your list of emails.

  2. Thanx for another excellent article, Leo.

    Another small note is that there are lots of people with same names. There could be 597 facebook accounts with the name ‘Jane Madison’. Twelve of them might live in Anchorage, AK. A few might have other interests in common, like fishing, reading sci-fi, and watching the ‘Red Green’ show. Only the email address is unique. And even that can be similar.
    If someone has a facebook account under the email Jane123 @ TMail.net, there’s nothing to prevent someone from opening an email called Jane1234 @ TMail.net, and then opening a facebook account, or any other type of account, with that email.

  3. Leo,
    I see you still have a Facebook page so you’re not totally avoiding it. A few years ago you even had Facebook Fridays where your fans could ask questions about anything computer related. I wish you’d bring that back because you had easy to understand answers. In some cases I waited for that to ask a question instead of calling tech support and spending an hour trying to explain my issue to someone that had a difficult time speaking or understanding English. So I don’t think you’ve given up totally on Facebook.

  4. I don’t see how someone would be able set up a Facebook account in someone else’s name since according to their website they now require new accounts to provide identification such as a driver’s license.

    • I haven’t heard about that yet. Maybe I’ll experiment around with that and see how it works. (Not hijack someone’s name but maybe try with a fictitious name and see how Facebook does it.)

      • You tweaked my interest so I did some research. In response to the widespread negative publicity, FB apparently revised their procedures lately; appears currently it’s possible to set up an account with just a name and valid cellphone # or email plus DOB.

        However, if anyone should — for any reason — report the account as “fake” (which is sometimes done to silence differing views); or if their system flags it as possibly “fake”, FB will then log you out and begin asking for more, it may be a phone # if you’ve given email; you give a valid phone # and click “next” and they now want a photo. They may then tell you they are going to “verify” the photo (whatever that means) and sometimes that’s the last you hear from them.

        After years of being on the site, some folks have reported losing access to a friend network they have laboriously built up over months or years. I’ve read a few comments that even after people have given valid ID that hasn’t been good enough. With that kind of hawkish climate, I would imagine it would be difficult to try and impersonate someone else on that site.

        Zuckerberg made the news when he was quoted calling trusting users “dumb f’s” for trusting him with their data in 2004 (Business Insider). That just about summarizes FB for me. Unfortunately it’s nearly impossible to easily contact many businesses unless you do it via FB and become one of the “dumb f’s”.

        They go all-out to enforce their “real name” policy, because that is what the merchants prefer, having as much of your private info as possible, rewarding FB above others who have more user-friendly policies.

  5. The old technique of grabbing pictures and info from someones account , creating a gmail address, registering a Facebook account in the targets name then blocking them so they cannot see what your up to has largely disappeared since Facebook now require secondary account verification if you use a Free email like Gmail or the account gets disabled pretty quickly.

  6. I have a contact on my mobile phone who is listed by christian name only and they have a mobile phone, provided by their employer. Their Christian name, photo Etc often appears on on my facebook account, suggesting them as a friend or asking if I know them. The only contact I have with them, is by calling them on “their work mobile” from my mobile. Any suggestions as to how Facebook is linking them to a full name and photo

Leave a reply:

Before commenting please:

  • Read the article. Comments indicating you've not read the article will be removed.
  • Comment on the article. New question? Start with search, at the top of the page. Off-topic comments will be removed.
  • No personal information. Email addresses, phone numbers and such will be removed.
  • Add to the discussion. Comments that do not — typically off-topic or content-free comments — will be removed.

All comments containing links will be moderated before publication. Anything that looks the least bit like spam will be removed.

I want comments to be valuable for everyone, including those who come later and take the time to read.