“Don’t accept any friend requests from me. I’ve been hacked. “
Ever seen a post that sounds something like that? It bothers me every time I see this kind of post because the word “hacked” is being used incorrectly. Hacking, by definition, means that someone has gain unauthorized access to your account. This can happen several ways: hackers can guess your password, use leaked information found online, attempt to get your password via a phishing attack, or misuse the reset password option found on Facebook’s login page. This isn’t an exhaustive list of ways that your Facebook can be hacked, but I can assure you that someone creating a fake profile using a copy of your profile picture does not fall under “hacking”.
Social Impersonation
What’s really going on in this type of situation is something that I’ll call “social impersonation”. Social impersonation occurs when a person creates a fake Facebook (or other social media) profile in an attempt to portray another user or entity. Facebook has rules in their terms of service against this, but that doesn’t prevent it from occurring. Social impersonation, for the most part, is harmless. Malicious users, those who create fake Facebook profiles, can, however, attempt to manipulate your Facebook friends and followers if they accept the fake profile. A friend of mine had this happen to her a few years ago (that’s right; this has been going on for years). A social impersonator led her to believe that they were stranded in a foreign country and asked her to send them money via some money transfer service. It wasn’t until after she had sent her “friend” money that she realized this was a fake Facebook profile. When the social impersonators take it to this level and attempt to manipulate other Facebook users, there is an argument that this is in fact a type of hacking called social engineering.
What You Can Do To Prevent This
If you receive a friend request from someone who is already your friend, check with them first before accepting it. More often than naught, this duplicate request isn’t legitimate. If it’s not legitimate, you can report it to Facebook (instructions can be found here), but no other action is needed from either of you. If you receive a notice from your Facebook friends that they’ve received a friend request from you, you can let them know that there is a fake profile posing as you that is sending out friend requests and that they are not legitimate. You can cut down on the number of fake profiles created in your name by restricting your privacy settings within your Facebook account. There are many articles online that outline best security practices for Facebook (here’s a good one). The next time you see one of the “I’ve been hacked” posts, remember, it’s not really hacking unless the impersonator gains something from the experience (unauthorized access, social engineering, etc.).