If you are using Google's Chrome web browser you may notice that it labels this website as 'Not Secure' - that's simply not true. For more info, see: "Google and Http" 

Blog    Tutorials    Old Articles    About Me


Someone's sending out Friend requests pretending they're me!
By Alan Zisman 2022-02-26

It seems I can't stop writing about Facebook.

Today, in my Facebook newsfeed, my FB (and real-life) Friend Gary posted:

I've been hacked

I've been seeing a lot of these sorts of messages, from people who've heard that some of their Facebook Friends are puzzled to receive Friend requests, apparently from Gary, who's already their FB Friend.

A natural reaction is for Gary to assume that his account has been 'hacked' - that someone has somehow by-passed Facebook's security, maybe gotten his password. Many people who've had this happen  then change their passwords (not necessarily a bad thing). Some people I know have gone as far as to abandon what they believe is a compromised Facebook account, setting up a completely new account.

(They then have to contact all their Facebook friends and try to explain that they are the real them, as opposed to whoever sent them the earlier Friend request. Talk about confusing!)

In fact, I'm convinced that there's no 'hacking' involved, and that the only problem with Gary's (and many other's) Facebook account is that too many of Facebook's default settings make it easy for this sort of thing to happen. Luckily, these settings can be quickly and easily changed to give you more protection.

Unfortunately, in Gary's case - and many others - it's a bit late to make these changes. (But Gary (et al) should do it now anyway).

Here's the thing - by default, your Facebook existence (other than your password) is open to the public. Your Facebook user name, the photo that appears beside your name, information about you that you've chosen to give Facebook - where you live, where you went to high school, maybe even a phone number - are all public. Every one of your posts, every photo and video you've shared are available to any who finds your name and clicks on it to see your Facebook 'Wall'.

When some mysterious stranger clicks on Gary's name, for instance, they see:

Gary's wall

Notice that they can chose between reading Gary's Posts, seeing what Gary has told Facebook About himself, who are Gary's Facebook Friends, what Photos Gary has posted, and more.

So here's what someone would have to do to create a Facebook account that pretends to be Gary:

1) Create an email address that I can use in setting up the faux-Gary Facebook account. Easy enough to do using Gmail or Yahoo Mail or pretty much any large email system.

2) Browse Gary's publicly available Facebook photos, looking for a photo of Gary to use with the new, not-yet-created account. Or even pick the one that Gary is already using.

3) Go to Facebook.com - log out of the current account if automatically logged-in. When logged-out, you'll see a big green button to Create New Account. Follow the steps to set up a new account - feel free to use the exact same name that Gary's currently using, but enter the new email address.

A message will be sent to that email address for confirmation. No problem.

So now you've got a new account with Gary's name, but no Facebook Friends, and hance no content. Well, logged into that new account, you can visit the original Gary's wall, click on each of Gary's Friends, and send them a Friend Request.

It's easy to do - though I'm not clear on what's the point. Let me know what I'm missing here, since it seems to be happening to a lot of people. (One thing - if you accept one of these 'Friend' requests, the person sending it will be able to see any 'Friends Only' posts or profile information that may otherwise be blocked to them. See below for more about this).

Here's how you can prevent it being done to you.

(These instructions are specific to using Facebook in a web browser on a desktop or laptop computer - the details will be somewhat different if you're accessing FB using a phone or tablet app. As well, FB changes its interface from time to time, so even on a computer, things may look different for you).

When you're logged into Facebook click on the little arrow in the top-right corner. A menu will pop up - choose Settings & Privacy then Privacy Center and then scroll down (on the right) to Control Who Can See What You Share.

Control who can see what you share

Click Read More and then Review Your Sharing Settings.

You'll get to choose settings for Facebook, Instagram, and Messenger. If you use all these services, you may want to check them all - but for now, let's just pick Facebook.

A new tab opens up in your browser, and again, you'll need to click on Who Can See What You Share. (Repetitive, isn't it? Luckily, it doesn't take you back in a circle). A box opens up, explaining what's to come - click Continue.

You'll be shown Profile Information that you've given Facebook - items like phone number, email address(es), birthday and year. Hometown, relationship status, current city, employer, and more. For each, you can choose who can see it - choices include Public, Friends, Only Me and sometimes more.

Think about who you want to see these pieces of information. Public implies that piece of information is available to anyone - and can even show up in (for example) a Google search. Do you want strangers to have access to your birthday? Maybe not. But maybe you want your FB Friends to be able to shower you with birthday wishes at the appropriate time.

Also important - near the bottom of the Profile Information lists, you're asked who can see your Friends list. If that's set to Public, anyone can see your FB Friends list and contact the folks on that list. If it's set to 'Friends Only', anyone on your Friends list can contact any other friend.

I would understand someone wanting to set everything to 'Only Me' - but while that would be the most secure, it also limits the usefulness of taking part in a 'social network'.  Make the decisions that make the most sense to you.

When you click Next you'll see options about your Posts and Stories - with the same Public/Friends/Only Me choices. By default whatever you post is Public. You can change that to Friends, but that leads to problems when you (or one of your Friends) wants to share one of your posts to a more general page or group - in that case, your post to the page or group will look fine to you (or anyone who's FB Friends of the original poster), but other folks viewing that post will see something like:

Not visible

Again, trying to keep your information private and secure can lead to unexpected consequences.

You can take a look at what a random stranger would see if they click on your name - i.e. your 'public profile'. Here's how to do it:

When you're logged into Facebook, you'll see your name and a little circle with your Profile Picture in the upper right (and if you have a column on the left, your name and Profile Picture will be at the top there as well). Click to open your 'wall' - your Profile Page.

Part-way down, you'll see a line with links to Posts, About, Friends, Photos, Videos, etc... further to the right there will be three horizontal dots. Click the three dots and a menu will pop up - the top item will read View As.

View As

Click View As and you'll see your Profile Page as it can be viewed by a member of the public - someone on Facebook who isn't on your Friends list.

This is what someone can access without hacking your account. If your birthday isn't showing there (for instance) then any of your Friends  wondering if the message they got is really from you, could ask what's your birthday - assuming you'd shared that info in your Profile, but set it as Friends Only.


-- If you get a Facebook 'Friend' request from someone who you think is already your Friend, let your original Friend know about this issue. Maybe it's really them - but probably not!

-- If you've heard that someone on Facebook is pretending to be you, it may not mean your account has been 'hacked' or compromised, though it's probably a good idea to change your Facebook password. As well, it's a very
good idea to enable Facebook two-factor authentication which is a huge help in ensuring that strangers can't log-in as you, even if they know your password.

-- Check over your Facebook Privacy Settings and make sure that your profile information and Posts and Stories are being shared in ways that you're comfortable with - you may want some pieces of information to be open to the public, others only with your Facebook Friends, while others may be only shared between yourself and Facebook.

Note that doing all this doesn't lock down the photos you've posted to your account. To do that, see: Securing your Facebook profile? Don't forget your photos

Older blog postings....

About This Blog...

I've been writing about computers, software, Internet and the rest of technology since 1992, including a 17 year (1995-2012) stint as 'High Tech Office' columnist for Business in Vancouver. This blog includes thoughts on technology, society, and anything else that might interest me. Comments, emailed to alan@zisman.ca are welcome - and may be published in whole or part. You can follow me on Facebook for notice of new blog postings.
AZ Dog Baby