Shadow Profiles on Facebook, Part 2

What are some easy things a person can do to vet the friend requests received on Facebook?

When you receive a “Friend” request, whether it comes from Facebook or from Facebook Messenger, the first thing you should do is to click through to view the person’s profile before you add them to your own. Just one look at some of these shadow profiles would certainly raise red flags, because the person requesting your “friendship” has very sparse information on the profile, often only a name and a picture. A typical “hack” like this involves a requester, who has set up a new profile in order to impersonate someone by using the personal details they already possess, namely, the profile of a real person to copy, and the name of a real-life friend of that real person to impersonate. In fact, you and the real person whose profile is being shadowed are likely already Facebook friends. The goal for this hacking and impersonation is to access more of the real person’s info and to accumulate more profile pictures, names, and friend lists, so they can turn around and impersonate more people.

How did someone get that profile picture and name?

Well, one might wonder that question. But there are many ways your profile picture and name get the attention of hackers. First of all, your name and picture are most likely available to anyone. How else is your 2nd-grade classmate going to find you on Facebook? Did you use your FB profile log-in to comment on a public blog at some point, or perhaps to comment on a letter to the editor from your online local newspaper, or maybe to review a cooking-tip post? Perhaps the scammer got the name because you liked something that wasn’t as legitimate as you thought when you clicked it through; there are a million ways people can get your name and profile picture from your public Facebook trail.

Remember, Facebook is a tool in which you can connect with friends near-and-far—in real-time—to see pictures and watch videos, but Facebook can also be a by-pass to your personal privacy and that of your friends. If and when you comment on or share posts from blogs of questionable sites, then along with the cute pic or video, you may have invited an unknown entity to reach behind some of your layers of privacy.

Actions once you find a “Shadow” Profile page

  1. Check your own friend’s list (or member’s list, if this is a group) to be sure that you are not already friends with the person who has sent the questionable request.
  2. Confirm any known details about the real person you know with the profile of the person you think might be a fake/shadow, such as checking whether the new profile uses the correct spellings for places or last names, or it includes the correct middle  or maiden names, birthplace, high schools, or other details.
  3. Check the other tabs such as “Photos” and “Friends” and ask, “Which mutual friends do I share with the person on that profile?” (if necessary, contact your friends to see if they know about the profile) and ask, “Who are their other friends?” For example, if the new profile’s other friends are all from someplace like Indonesia, where you know that your actual friend is unlikely to know many people, then that is a clue that something might not be as it should be. Also, ask yourself, “Does this person have the friends that you would expect them to have?” based on the details that you already know about the real friend’s life, relatives, location, activities, and job.
  4. Check how long that person has been on Facebook. A very recent profile without posts or details doesn’t jive with a friend request from someone that you know has been on Facebook for a much longer time and certainly should make you a bit suspicious.
  5. Keep emotionally charged rhetoric out of the path of your judgment. For example, most of us would cringe at the idea that we would accept a friend request from someone because they were really good looking or were a celebrity (“Why is Brad Pitt asking to be my friend?”), but too often, other emotionally charged visuals get past our common sense and we let people past our Facebook door, because they are “politicians or preachers with a name we recognize” or because they are wearing a military or police uniform in their profile picture or are holding what looks like their poor orphan children in Africa or they present another sympathetic persona whom we would wish to support. Don’t let emotion get past your common sense; scammers also know that such images raise your sympathy and hope to use such things to get past your guard.

What if I find that I have been “Friended” by a hacked profile?

If you think that you have been contacted by a shadow profiler or anyone that legitimately raises your suspicions (legitimate suspicions that must be rationally explained to Facebook), you can report such profiles to Facebook. Simply, click the suspicious profiler’s name to bring up their profile page, go to the top menu bar on the far right side, next to the word “Message,” and then, where you see the three dots (…), click them to bring out a drop-down menu, where you will see the word, “Report”; click and then follow the prompts, as needed to describe your concern. Facebook will look into the issue reported, and probably will ask you the name of the person whose account you believe was hacked in the first place.

Screen Shot top menu Bar Facebook to report

So that the real friends know they have been “hacked” by a shadow profiler, you can contact them yourself through a post on Facebook, through Facebook Messenger (IM), although FB will probably contact them. People usually want to know so they can warn their friends not to accept friend requests from a fake profile. You might want to post a warning on your own profile about it, to say, “I noticed that my friend, ‘So-and-so’ had a shadow profile set up in their name and here is what to do about it.” You might copy and paste a link to this blog entry so that the person knows more about what to do in the event that their profile was hacked by a shadow profiler. You can delete the shadow profile from off of your friends list, if you happened to already accept their “Friending,” once you have reported it to Facebook and have contacted your real friend.

If you are trying to figure out which profile was the shadow to delete and which was the real one to keep or to contact, you might check it through your own friend’s list, because after having recently clicked to “friend” the shadow, the fake shadow profile will probably be in your “Recently Added” Friends section, found at the “Top Menu Bar,” under the category of “Friends.” Probably, if you were friends with the real person’s profile for more than a couple of weeks and the fake friend’s profile for less than that, you will only have one of them–the fake–in your “Recently Added” section.

For more info on how to vet and verify the sources from which you choose to post, you might check out my blog post, “Verify Your Post on Social Media or google your questions, where you will find some interesting articles, such as this one on Journalists’ Resource,  “Tools for verifying and assessing the validity of social media and user-generated content” and there are many others such as “How to Report a hacked account” on the “Facebook Community Q & A pages.”

cartoon, Phishing lIcense bureau, Person behind the counter at the Phishing License bureau "Ok, you are under arrest" Customer in line: "Oh, I should have seen that coming."

Munroe, Randall. “Phishing License.” Xkcd.com. N.p., n.d. Web. 19 July 2016. <https://xkcd.com/1694/&gt;.