Firstly, don’t jump to conclusions.
“Don’t accept any friend requests from me, my account has been hacked!”
We’ve all seen that message on Facebook. Someone got reports of friend requests they didn’t send, so they post a message to all their friends that they’ve been hacked.
No, you have not been hacked. Not at all. This is a sign of something else completely — something completely out of your control.
Indeed, your friends should not accept more friend requests from you — because it’s not you.
Become a Patron of Ask Leo! and go ad-free!
Friend requests don't indicate a hack
You can’t friend-request your existing friends. Any friend requests your friends see are from impersonation accounts. Your friends should not accept the friend requests and should report the fake accounts to Facebook. Hackers use this technique to eventually impersonate you and attempt to scam your friends.
You can’t friend your friends
It’s pretty simple: if someone is already your friend on Facebook, you can’t send them another friend request. That would be redundant because they’re already your friend.
If the only symptom is that some of your (already) friends on Facebook are asking you why you sent them a friend request, it’s extremely unlikely that your account has been hacked.
Your account wasn’t even involved.
Change your password if you like, but telling all your friends “I’ve been hacked” is incorrect. You haven’t been.
You’ve been impersonated
What’s more likely to have happened is this.
- Someone created a new fake Facebook account.
- They used your name. (Not your email address, just your name.)
- They stole photos from your account and uploaded them to the fake account.
- They stole your profile photo and set it as the profile photo for this fake account.
- They examined your public posts or profile to determine who your friends are.
- They sent those friends new friend requests from this fake account.
Other than viewing your photos and friends, your account was never involved.
Most importantly, your account was never compromised.
So what do you do about it?
Report impersonation accounts
Your friends who received these friend requests should go to the account in question and report it to Facebook.
Make sure your friends report the impersonator, not you.
Or you can tell your friends to simply ignore the friend requests because you’re already friends ,and those requests are coming from a fake account.
Why?
Why do some people try to create these fake accounts and connect with your friends?
My theory is that it’s to prepare for scams and abuse to come.
Perhaps sometime in the future, after you’ve all forgotten about this, they’ll use the fake account to reach out to their “friends” (your friends they fooled into connecting with the fake account), pretending to be you, and ask them for something. Usually, it’s some form of scam.
While that’s annoying, it’s not on you. Your account had nothing to do with it, and you have not been hacked.
Do this
Stay vigilant, of course. Make sure your account is secured properly with a strong password, two-factor authentication, and that you keep all the recovery information up to date.
That’s just good security, but it won’t stop these impersonation attacks. Those are out of your control.
What’s most important is to recognize them for what they are, not panic, and just report the fake account.
Stay on top of the latest scams and learn how to avoid them. Also, subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
Podcast audio
Related Video
best thing one can do is in “who can see my friends list” put it on “only me”.
Yes.
In some cases, it can be the result of a different kind of hack. If you play a game or a quiz, you usually are asked to give them access to your Friends’ list. They can then send friend requests from the fake account to all of your friends, although it’s probably more common for the hackers to spam the people on the lists they hack.
Hmmm, my neighbor is locked out of her account and can’t get back in because her password was changed, but not by her. She’s lost all access to her pictures and it is breaking her heart. Facebook help has not helped because she did not set up two-factor authentication or choose “trusted friends” that could be contacted. If you have a suggestion as to how she can get back into her page, I would greatly appreciate it. She only found out that she was locked out of her account because her friends started receiving duplicate friend requests.
Duplicate friend requests are not a sign of a hacked account. (As the article above explains.)
However, it does sound like your friend’s account has been compromised. The ONLY solution I’m aware of is to follow the Facebook account recovery process, carefully and completely. That’s this article: How Do I Recover My Hacked Facebook Account?
You never answered the question that this thing is titled. A duplicate account was created and reported to Facebook and they came back and said that person is not trying to impersonate my friend. How they came up with their conclusion I have no idea because the duplicate account is sending out messenger to his friends list. It is the duplicate account so how do we get them to fix that.
You did the only thing possible: report it to Facebook.
Facebook’s software is a mess. Apparently, they see no need to improve it as it does what they want: make them billions of $$$.
Funny thing, I just got a fake request from a friend today and a few minutes later a comment I was reviewing linked here. It must be my new brain implant 😉
Almost exactly what I tell my friends.
However I believe that telling people to change the visibility of their Friends list is the MOST IMPORTANT thing to do to minimise the chance of being “cloned” as I call it.
Yes “they” can trawl through public posts to find “some” friends but I think that in general, “they” target people with visible friend lists. If one’s Friend list is restricted, I think that generally “they” will move on to an easier victim, rather than putting the time and effort into extracting some friends via indirect means.
Read your article which says get friends to report the impersonator’s account
My friends reported these accounts when they received friend requests from me
Face book have contacted me and said Hi Helen,
We’ve reviewed the profile that your friend reported and found that it isn’t pretending to be you and doesn’t go against our Community Standards. Note: If you see something on someone’s profile that shouldn’t be on Facebook, make sure that you report the content (e.g. a photo or video), not the entire profile.
Thanks,
The Facebook Team
disgusted that facebook are seemingly doing nothing to protect us
Facebook is a mess.
I received a friend request from someone that was already a friend and I accepted it. What does that mean? Am I compromised?
No. It generally means someone cloned his account (created a fake account with his name and pictures etc.) If you unfriend them, it’s as if nothing happened. When I get a request from a fake account, I contact my friend and ask. In some cases people set up a second account when they are in Facebook jail. If it’s fake, you and your “friend” can report it to Facebook to try to get it tken down.
Unlikely. More like they had a clone/fake account created and you just friended it. I’d unfriend it and report it.