What to do when your Facebook friend gets hacked

Print Friendly, PDF & Email

If you’re on Facebook, you’ve probably seen this happen. You suddenly get a friend request from someone you’ve already been friends with for a long time. What’s the best thing to do in this situation?

Facebook friend hack


First off, I want to say up front that when this happens, it is not a “hack”. I put that phrase in the title of this blog post and in the graphic above mainly so that people would have an idea of what I’m talking about. That’s because whenever I see this happen on Facebook, the thing that happens most is that other friends will post a message on the victim’s Facebook profile: “I just got a friend request from you. Your Facebook has been hacked!” And of course that is followed up by all the well-meaning but misguided suggestions that the person should immediately change their passwords and check for viruses.

In reality, no Facebook account has been hacked or compromised at all. All that has happened is that a scammer decided to create a new Facebook account using your friend’s name and your friend’s profile picture. That way, at first glance, it does actually look like your friend’s Facebook profile.

Then the next step for the scammer is to send out friend requests from the fake profile to all of the people that are actual Facebook friends with that person already. The scammer knows that a bunch of people will know immediately that it’s fake. But he also knows that there will be some people that say “Hmm, a friend request from Bob. I thought I was already friends with him. Oh well, *ACCEPT*” There might be only 5% or 10% that just automatically accept the fake friend request. But if someone has 500 friends, that’s 25 to 50 people that get suckered in. These are the people that typically click on just about anything. We all know people like this.

So what’s the end game here for the scammer? What do they hope to achieve by tricking all these people into becoming friends with a fake profile? There are actually a lot of different strategies here. The key element here, however, is trust. If the “Fake Bob” account sends these people a direct message, as far as they’re concerned, they are communicating with the ACTUAL Bob. So maybe Fake Bob tells all his “friends” about this great website where you can get new iPads for $10 (scam) or maybe he pleads for his “friends” to wire money for a short term emergency loan (also a scam). The point is, the “friend” is more likely to go along with it since there is already some trust between the two people on Facebook, and maybe even in real life.

Usually when I get a fake friend request, I go to the fake profile to see who has already fallen for it and just accepted the friend request without checking it out. Usually there are a few people already listed there as “friends”. This is the proof that it’s really easy to trick people on Facebook. Almost effortless.

So what should you do when you see this happen? Obviously you don’t want to just join the crowd and post on your friend’s profile “Hey, your Facebook got hacked!” since that does no one any good. Fortunately, Facebook has created a pretty simple process that allows you to report the problem, have Facebook check it, and get the fake profile taken down very quickly.

Here’s how to handle a fake Facebook friend request:

1. Go to the fake friend request, and click on the name:

Facebook hack


2. This takes you to the fake profile page (the profile created by the scammer). Click the 3 dots, and in the drop-down menu, choose “Report”:

report fake profile


3. This will bring up the beginning of a multi-part form that allows you to tell Facebook what’s going on so that they can check it out. First thing to check is “Report this profile”:

report fake profile


4. Next window, check “They’re pretending to be me or someone I know”:

report fake profile


5. Next window, check “Someone I know”:

report fake profile


6. Next window, click on “Submit to Facebook for review”:

submit to Facebook for review


7. Facebook will then ask you to tell them which friend’s profile is being faked. You can start typing in the name and then just choose from the option listed:

report fake profile


8. At this point you’re pretty much done. The next screen will give you a few other options but really all you have to do is click “Done”:

report fake profile


9. Within a short time (usually a few minutes), you’ll get this notification from Facebook:

report fake profile

That’s just automated but at least it confirms that they received your submission.

And that’s really all you need to do. Facebook will check it out (and it’s possible that other friends have reported the same fake profile). What usually surprises me now is how quickly Facebook deletes the fake profile page. I usually go back to the fake profile and check on it every so often (and I usually see new friends being added each time). Sometimes I’ve seen a fake profile removed within just a few minutes of reporting it. Sometimes it takes longer but I don’t think I’ve ever seen it take more than an hour. Facebook has this process pretty much automated on their end and they are very serious about getting these scammers taken down.

Does this stop the scammers? No. They know the fake profile will be taken down eventually. They’re just hoping it stays up long enough to get a scam going. And in reality, they most likely have software that just creates hundreds or thousands of these fake accounts around the clock. But at least you did your part to help your friend out and get the fake account deleted quickly.

Should you notify your friend that this has happened? It’s up to you. I usually don’t bother with it. In many cases the fake profile is removed before the friend (or any of their friends) even knew what was happening, so there’s really no point getting people agitated about something they really don’t need to be concerned over.

listen to my podcast in iTunes

Share this post

2 comments Add your comment »

Get updates when new comments are added. Subscribe to the comments RSS Feed

Marge Teilhaber
May 29th, 2017

Scott, what a perfect lesson for us today! Who knew! I never accept and do as you suspected: go to their real page and tell them I got a friend request and that no one should accept it, change your password, blah blah. Never knew it should/could be reported. I will post this link every time this happens with a comment such as “One of the many great reasons to subscribe to Scott Johnson’s emails.” THANK YOU!!

May 30th, 2017

Great article Scott! I always did just what you recommend NOT to do, but now know how to handle this correctly. Thanks!