Firstly, don’t jump to conclusions.
“Don’t accept any friend requests from me, my account has been hacked!”
We’ve all seen that message on Facebook. Someone got reports of friend requests they didn’t send, so they post a message to all their friends that they’ve been hacked.
No, you have not been hacked. Not at all. This is a sign of something else completely — something completely out of your control.
Indeed, your friends should not accept more friend requests from you — because it’s not you.
Become a Patron of Ask Leo! and go ad-free!
Friend requests don't indicate a hack
You can’t friend-request your existing friends. Any friend requests your friends see are from impersonation accounts. Your friends should not accept the friend requests and should report the fake accounts to Facebook. Hackers use this technique to eventually impersonate you and attempt to scam your friends.
You can’t friend your friends
It’s pretty simple: if someone is already your friend on Facebook, you can’t send them another friend request. That would be redundant because they’re already your friend.
If the only symptom is that some of your (already) friends on Facebook are asking you why you sent them a friend request, it’s extremely unlikely that your account has been hacked.
Your account wasn’t even involved.
Change your password if you like, but telling all your friends “I’ve been hacked” is incorrect. You haven’t been.
You’ve been impersonated
What’s more likely to have happened is this.
- Someone created a new fake Facebook account.
- They used your name. (Not your email address, just your name.)
- They stole photos from your account and uploaded them to the fake account.
- They stole your profile photo and set it as the profile photo for this fake account.
- They examined your public posts or profile to determine who your friends are.
- They sent those friends new friend requests from this fake account.
Other than viewing your photos and friends, your account was never involved.
Most importantly, your account was never compromised.
So what do you do about it?
Report impersonation accounts
Your friends who received these friend requests should go to the account in question and report it to Facebook.
Make sure your friends report the impersonator, not you.
Or you can tell your friends to simply ignore the friend requests because you’re already friends ,and those requests are coming from a fake account.
Why do some people try to create these fake accounts and connect with your friends?
My theory is that it’s to prepare for scams and abuse to come.
Perhaps sometime in the future, after you’ve all forgotten about this, they’ll use the fake account to reach out to their “friends” (your friends they fooled into connecting with the fake account), pretending to be you, and ask them for something. Usually, it’s some form of scam.
While that’s annoying, it’s not on you. Your account had nothing to do with it, and you have not been hacked.
Stay vigilant, of course. Make sure your account is secured properly with a strong password, two-factor authentication, and that you keep all the recovery information up to date.
That’s just good security, but it won’t stop these impersonation attacks. Those are out of your control.
What’s most important is to recognize them for what they are, not panic, and just report the fake account.
Stay on top of the latest scams and learn how to avoid them. Also, subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.