ALAN ZISMAN ON
TECHNOLOGY
Check your Facebook Friends List Setting now!
- How to do it on a computer, iPhone/iPad, and Android device
By Alan Zisman ©2025-09-13
Contents: Cloning vs hacking ~ Privacy settings on a computer ~ Privacy settings on iPhone/iPad ~ Privacy settings on Android ~ A real conversation with a cloner
Cloning Facebook accounts sn the most prevalent technology security issue I'm seeing these days - by far. In the past few weeks, I've helped two of my Facebook friends deal with this - over the past couple of years, I've helped dozens. My suspicion - soon, every single Facebook user who hasn't taken the time (just a few moments) to change this unfortunately default setting in the Facebook account will find themselves victimized in this way.
Feel free to skip the introduction and use the contents to jump to the section for the device you want to use. Note that changing your Facebook Friends List privacy settings on one device will change them for every place you log into Facebook - you don't have to do this one your laptop, your phone, and your tablet. But do change these settings - or check what you've got set - on one of your devices - checking or making the changes takes only a moment, much shorter than explaining how to do it!
Cloning vs hacking
Facebook accounts get 'hacked' - but that's relatively rare. When your account has been hacked, some random random stranger has gained access to your Facebook account - and probably changed the password and locked you out.
Hacking on TV shows and movies is generally depicted as a sort of magic - a hacker sitting in front of a computer screen types away for a few moments and magically gets into someone's account. In a cop show, perhaps someone suggests typing the victim's daughter's date of birth for a password - and bingo! They're in the account.
In real, life, most hacking happens because the victim inadvertantly shares a two-factor authentication code with the random stranger trying to get into their account. Don't think that couldn't happen to you. We all get distracted and make mistakes.
But it's relatively rare.
Far more common - in part because Facebook makes it too easy to do - is account cloning. For this to happen, the random stranger doesn't need any special skills, and you don't have to give out any information by accident.
Instead, the random stranger just needs to create a new Facebook account using the same name as yours. This can be perfectly legitimate - lots of people have the same names. And unlike email address, Facebook lets multiple people have accounts with the same names. Here's what I find when I search FB for my own, relatively uncommon, name:
The top one is my real Facebook account. The others may be real accounts or may be fake. Clicking the See More option shows even more.
A malevolent random stranger might take a next step and copy a real photo of you -perhaps posted in your Facebook account or perhaps appearing in a Google search for your name, and make their account look more like it's really you.
Then, by clicking on your name in Facebook they can view your Facebook home page. Here's min
e:
Click on the word Friends and - by Facebook's poor default setting - the random stranger gets to see all my FB Friends. They can click on any and send a Facebook message, using that new fake account, pretending to be me.
At the end of this post, you can see a FB Messages conversation I had with a faux-friend. In the end, these all want money or personal information.
This is only possible, though, because Facebook sets your Friends List public unless you change it.
Changing that setting only takes a moment - and everyone should do that - but Facebook doesn't make it easy to discover how to do it. (Sigh!)
I'll give step-by-step instructions for chaning your Facebook Friends List privacy setting, first for doing it on a computer in a web browser, then for doing it using the Facebook app on an iPhone or iPad, and then for using the Facebook app on an Android device.
Finally, I'll share a Facebook Messages conversation with a faux friend.
On a computer....
Many people access Facebook on a Windows or Mac (or less frequently Chromebook or Linux) laptop or desktop computer, using a web browser. The good news is that these instructions will work regardless of the type or computer you're using and with any web browser (Google Chrome, Firefox, Apple Safari, whatever). The bad news is that from time to time, Facebook changes how it works - so instructions written now (September 2025) might not be accurate at some point in the future. But for now:
-- Log into Facebook in your web browser on your computer. Look up at the top-right of your browser window and you'll see an image in a circle. I've customized my account picture - if you haven't, you'll see a generic grey silhouette in a lighter grey circle (like in several of the Alan Zismans in the image up above). Here's the top-right of my Facebook browser window:
See the picture in the circle? Click on it - a little menu will drop down. Ignore the various options, just click on your name to go to your home page (already pictured above). Click on the word Friends and you'll go to your Facebook Friends list - just as the random stranger will see it if you haven't changed your privacy settings!
Look for a small grey rectangle with three black dots inside it - you'll see two of these. Ignore the top one at the right end of a line starting Posts About Friends Photos (etc.).
You want the second one on the line with Friends [ Search] Friend Requests Find Friends. Click on that one and a little pop-up menu will show options:
Click on Edit Privacy to see:
Notice that by default (i.e. if you haven't changed anything), these are all set as Public - i.e. anyone can see them. Bad idea, Facebook!. Click on the word Public beside Friends List and see a variety of alternative options:
In fact, you can scroll down to see even more options. I used to think picking Friends was a nice balance between privacy and openess, but no longer - it's too easy for all of us to mistakenly 'friend' someone pretending to be a person you know. Now I recommend you change this setting (and the other two in the Edit Privacy list) to Only Me - Facebook-speak for 'private'. Click Save to return to theEdit Privacy dialogue box and do the same for the other two settings.
You're done. Now, while a random stranger can still look at your Facebook home page and click on Friends, they won't see the names of all your FB Friends. As a result, it won't be worth their while to clone your account...
On an iPhone or iPad
On an iPhone or iPad, start off by opening the Facebook app, and look to the bottom of your screen. In the bottom-right corner, you'll see Menu:
Tap on Menu and then scroll down to see Settings & Privacy:
Tap on Settings & Privacy - right near the top you'll see Settings:
Tap on Settings and then scroll down until you see How people find and contact you:
Tap on How people find and contact you and you'll seeWho can see your friends list?
Tap on Who can see your friends list? and you'll see some - but not all - of the options:
Tap on See all to see the rest of the options:
I used to think picking Friends was a nice balance between privacy and openess, but no longer - it's too easy for all of us to mistakenly 'friend' someone pretending to be a person you know. Now I recommend you change this setting to Only Me - Facebook-speak for 'private'. Click Save.
You're done. Now, while a random stranger can still look at your Facebook home page and click on Friends, they won't see the names of all your FB Friends. As a result, it won't be worth their while to clone your account...
On an Android phone or tablet
Whether your Android phone or tablet is made by Samsung, by Google, or by some other manufacturer, the steps should be (more or less) the same.
Start by opening the Facebook app - you're looking for three horizontal lines. If you don't notice them on your opening screen (look on the top next to the Facebook logo, or on the bottom), tap on your picture - or generic grey on grey silhouette - in a circle in the top right corner. Then you should be able to see the three horizontal lines (sometimes called a 'hamburger menu icon'): Here's an example of a screen showing my Facebook picture (circled in the top-right)and the three lines on the left:
Tap on the three lines (now do you see why it's sometimes called a 'hamburger') and a page of various options opens up. Scroll down until you seeSettings & Privacy:
Tap on Settings & Privacy and right near the top(underneath another Settings & Privacy)
you'll see Settings:
Tap on Settings and scroll down to see How people find and contact you:
Tap on How people find and contact you and you'll see:
Tap on the arrow beside Who can see your friends list? to see some - but not all - of the options:
Notice how my Friends List is currently set Public - but I'm only being shown some, but not all of the options. There ought be some option to set it Private. Tap on See all:
I used to think picking Friends was a nice balance between privacy and openess, but no longer - it's too easy for all of us to mistakenly 'friend' someone pretending to be a person you know. Now I recommend you change this setting to Only Me - Facebook-speak for 'private'. Click Save.
You're done. Now, while a random stranger can still look at your Facebook home page and click on Friends, they won't see the names of all your FB Friends. As a result, it won't be worth their while to clone your account...
Here's a series of screen captures of a series of messages I exchanged with a random stranger who cloned the account of a person I know - both in real life and on Facebook. Notice that it starts out with a pretty generic 'Hello - How are you doing today?'which I've seen in messages from other faux accounts. I've changed the name at the top of the message thread.
The thread went on and on, devolving into messages every day or so asking if I'd clicked on the link yet. Even with the promise of $250,000 delivered by FedEx to my doorstep, I didn't click on the link, and eventually blocked the faux-account.
Stay safe!.
Older blog postings....
Check your Facebook Friends List Setting now!
- How to do it on a computer, iPhone/iPad, and Android device
By Alan Zisman ©2025-09-13
Contents: Cloning vs hacking ~ Privacy settings on a computer ~ Privacy settings on iPhone/iPad ~ Privacy settings on Android ~ A real conversation with a cloner
Cloning Facebook accounts sn the most prevalent technology security issue I'm seeing these days - by far. In the past few weeks, I've helped two of my Facebook friends deal with this - over the past couple of years, I've helped dozens. My suspicion - soon, every single Facebook user who hasn't taken the time (just a few moments) to change this unfortunately default setting in the Facebook account will find themselves victimized in this way.
Feel free to skip the introduction and use the contents to jump to the section for the device you want to use. Note that changing your Facebook Friends List privacy settings on one device will change them for every place you log into Facebook - you don't have to do this one your laptop, your phone, and your tablet. But do change these settings - or check what you've got set - on one of your devices - checking or making the changes takes only a moment, much shorter than explaining how to do it!
Cloning vs hacking
Facebook accounts get 'hacked' - but that's relatively rare. When your account has been hacked, some random random stranger has gained access to your Facebook account - and probably changed the password and locked you out.
Hacking on TV shows and movies is generally depicted as a sort of magic - a hacker sitting in front of a computer screen types away for a few moments and magically gets into someone's account. In a cop show, perhaps someone suggests typing the victim's daughter's date of birth for a password - and bingo! They're in the account.
In real, life, most hacking happens because the victim inadvertantly shares a two-factor authentication code with the random stranger trying to get into their account. Don't think that couldn't happen to you. We all get distracted and make mistakes.
But it's relatively rare.
Far more common - in part because Facebook makes it too easy to do - is account cloning. For this to happen, the random stranger doesn't need any special skills, and you don't have to give out any information by accident.
Instead, the random stranger just needs to create a new Facebook account using the same name as yours. This can be perfectly legitimate - lots of people have the same names. And unlike email address, Facebook lets multiple people have accounts with the same names. Here's what I find when I search FB for my own, relatively uncommon, name:
The top one is my real Facebook account. The others may be real accounts or may be fake. Clicking the See More option shows even more.
A malevolent random stranger might take a next step and copy a real photo of you -perhaps posted in your Facebook account or perhaps appearing in a Google search for your name, and make their account look more like it's really you.
Then, by clicking on your name in Facebook they can view your Facebook home page. Here's min
e:
Click on the word Friends and - by Facebook's poor default setting - the random stranger gets to see all my FB Friends. They can click on any and send a Facebook message, using that new fake account, pretending to be me.
At the end of this post, you can see a FB Messages conversation I had with a faux-friend. In the end, these all want money or personal information.
This is only possible, though, because Facebook sets your Friends List public unless you change it.
Changing that setting only takes a moment - and everyone should do that - but Facebook doesn't make it easy to discover how to do it. (Sigh!)
I'll give step-by-step instructions for chaning your Facebook Friends List privacy setting, first for doing it on a computer in a web browser, then for doing it using the Facebook app on an iPhone or iPad, and then for using the Facebook app on an Android device.
Finally, I'll share a Facebook Messages conversation with a faux friend.
On a computer....
Many people access Facebook on a Windows or Mac (or less frequently Chromebook or Linux) laptop or desktop computer, using a web browser. The good news is that these instructions will work regardless of the type or computer you're using and with any web browser (Google Chrome, Firefox, Apple Safari, whatever). The bad news is that from time to time, Facebook changes how it works - so instructions written now (September 2025) might not be accurate at some point in the future. But for now:
-- Log into Facebook in your web browser on your computer. Look up at the top-right of your browser window and you'll see an image in a circle. I've customized my account picture - if you haven't, you'll see a generic grey silhouette in a lighter grey circle (like in several of the Alan Zismans in the image up above). Here's the top-right of my Facebook browser window:
See the picture in the circle? Click on it - a little menu will drop down. Ignore the various options, just click on your name to go to your home page (already pictured above). Click on the word Friends and you'll go to your Facebook Friends list - just as the random stranger will see it if you haven't changed your privacy settings!
Look for a small grey rectangle with three black dots inside it - you'll see two of these. Ignore the top one at the right end of a line starting Posts About Friends Photos (etc.).
You want the second one on the line with Friends [ Search] Friend Requests Find Friends. Click on that one and a little pop-up menu will show options:
Click on Edit Privacy to see:
Notice that by default (i.e. if you haven't changed anything), these are all set as Public - i.e. anyone can see them. Bad idea, Facebook!. Click on the word Public beside Friends List and see a variety of alternative options:
In fact, you can scroll down to see even more options. I used to think picking Friends was a nice balance between privacy and openess, but no longer - it's too easy for all of us to mistakenly 'friend' someone pretending to be a person you know. Now I recommend you change this setting (and the other two in the Edit Privacy list) to Only Me - Facebook-speak for 'private'. Click Save to return to theEdit Privacy dialogue box and do the same for the other two settings.
You're done. Now, while a random stranger can still look at your Facebook home page and click on Friends, they won't see the names of all your FB Friends. As a result, it won't be worth their while to clone your account...
On an iPhone or iPad
On an iPhone or iPad, start off by opening the Facebook app, and look to the bottom of your screen. In the bottom-right corner, you'll see Menu:
Tap on Menu and then scroll down to see Settings & Privacy:
Tap on Settings & Privacy - right near the top you'll see Settings:
Tap on Settings and then scroll down until you see How people find and contact you:
Tap on How people find and contact you and you'll seeWho can see your friends list?
Tap on Who can see your friends list? and you'll see some - but not all - of the options:
Tap on See all to see the rest of the options:
I used to think picking Friends was a nice balance between privacy and openess, but no longer - it's too easy for all of us to mistakenly 'friend' someone pretending to be a person you know. Now I recommend you change this setting to Only Me - Facebook-speak for 'private'. Click Save.
You're done. Now, while a random stranger can still look at your Facebook home page and click on Friends, they won't see the names of all your FB Friends. As a result, it won't be worth their while to clone your account...
On an Android phone or tablet
Whether your Android phone or tablet is made by Samsung, by Google, or by some other manufacturer, the steps should be (more or less) the same.
Start by opening the Facebook app - you're looking for three horizontal lines. If you don't notice them on your opening screen (look on the top next to the Facebook logo, or on the bottom), tap on your picture - or generic grey on grey silhouette - in a circle in the top right corner. Then you should be able to see the three horizontal lines (sometimes called a 'hamburger menu icon'): Here's an example of a screen showing my Facebook picture (circled in the top-right)and the three lines on the left:
Tap on the three lines (now do you see why it's sometimes called a 'hamburger') and a page of various options opens up. Scroll down until you seeSettings & Privacy:
Tap on Settings & Privacy and right near the top(underneath another Settings & Privacy)
you'll see Settings:
Tap on Settings and scroll down to see How people find and contact you:
Tap on How people find and contact you and you'll see:
Tap on the arrow beside Who can see your friends list? to see some - but not all - of the options:
Notice how my Friends List is currently set Public - but I'm only being shown some, but not all of the options. There ought be some option to set it Private. Tap on See all:
I used to think picking Friends was a nice balance between privacy and openess, but no longer - it's too easy for all of us to mistakenly 'friend' someone pretending to be a person you know. Now I recommend you change this setting to Only Me - Facebook-speak for 'private'. Click Save.
You're done. Now, while a random stranger can still look at your Facebook home page and click on Friends, they won't see the names of all your FB Friends. As a result, it won't be worth their while to clone your account...
Here's a series of screen captures of a series of messages I exchanged with a random stranger who cloned the account of a person I know - both in real life and on Facebook. Notice that it starts out with a pretty generic 'Hello - How are you doing today?'which I've seen in messages from other faux accounts. I've changed the name at the top of the message thread.
The thread went on and on, devolving into messages every day or so asking if I'd clicked on the link yet. Even with the promise of $250,000 delivered by FedEx to my doorstep, I didn't click on the link, and eventually blocked the faux-account.
Stay safe!.
Older blog postings....
| About This Blog... I've been writing about computers, software, Internet and the rest of technology since 1992, including a 17 year (1995-2012) stint as 'High Tech Office' columnist for Business in Vancouver. This blog includes thoughts on technology, society, and anything else that might interest me. Comments, emailed to alan@zisman.ca are welcome - and may be published in whole or part. You can follow me on Facebook for notice of new blog postings. |
 |