(CBS News/CBS Money)-- Do you know -- really know -- all of your Facebook friends? If
not, you could become a victim of a scam that clones your Facebook account to hijack
your friends' computers and personal information, according to the Better Business Bureau.
Generally the scam hits people who have loose privacy settings
or are open to accepting loosely connected friends -- friends of friends; work
associates; anyone that you don't know well.
How it works is simple: You get a
friend request from someone who you think is legitimate because they have
mutual friends, work for your company, or, perhaps, are an alumnus of your
school. And you decide to welcome them into your Facebook world.
However, by adding them to your roster of friends, this new
person gets access to your photographs, listing of your other friends and other personal
information about you. They use that to copy your photos, status, personal
information and create a new Facebook account where they pose as you.
The impostor then starts friending your friends, who would have
no reason to suspect that the friend request was coming from anyone but you. After
accumulating enough of your unsuspecting friends to strike, the impostor will
start doing one of three things: Ask for money -- "OMG. I'm overseas and was just robbed! I don't even have enough to get
home!" Or they might start promoting bogus business opportunities,
such as work-at-home scams or some multi-level marketing opportunity.
But the most pernicious crooks will start sending
messages that link to sites that load malware onto your friends'
The money requests are the easiest to combat, unless your
friends are particularly gullible. Chances are, they'll pause and,
give you a call or text message before running down to Western Union to
money. And, hopefully, they won't send money to launch a new at-home
business or get into another "opportunity" either. The simple advice
here is never take a job that requires you to pay them. It's a waving
red flag that the job offer is a con.
The malware sites are another story. They entice you to click on a
link to see "a funny video of you" or an embarrassing photo. Naturally,
when the friend clicks on the link, there's no video or photo. But
going to the site allows the site to load malware onto the victim's
The most toxic of the malware sites load keystroke detection software
friends' systems, which can record user names and passwords for all of
Combating this fraud can be challenging, particularly for those
who already have large, unwieldy accounts with hundreds (or thousands) of
friends. However, you can reduce the risk of getting scammed by being judicious
about accepting new friends -- even from people you think you know.
Many of these scam accounts are being opened by overseas con
artists, who count on your carelessness. Fake accounts and posts often include
typos and grammatical errors. Before accepting a friend request, look at the site
and ask yourself whether the language and tenor of the site is consistent with
that friend's nature. If not -- or if you don't know the person well enough to
know -- pass on the friend request.
If you're uncertain, go old school and give
your friend a call. That might save you both from being scammed. If the request
came from an imposter account, the real owner of that name and profile can ask
Facebook to eliminate the imposter account. But, of course, you can't do that
until you find out that it exists.
Meanwhile, also pause and think before clicking on a link. While
some links are clearly labeled as being to a legitimate site, the ones
have no label should be approached with caution. Again, check before
clicking by sending your friend a personal message to ask where the link
goes or what the picture shows. Chances are good that your friend
didn't post the link.
And certainly never send money to someone who contacts you via
Facebook or email. Know that if your friend was really robbed overseas,
call you. Or go to the U.S. Embassy and get help. If they had a great
business opportunity and knew you were looking, they'd also likely call
or message you personally. But know that any business that asks you to
pay them before starting is likely to be a scam. Check out the business
with the Better Business Bureau before sending anyone a check.
In today's age, anti-virus software is also a must. If you don't
have it on your computer, get it. Buy it from a legitimate company like McAfee
or Norton. Keep it updated. It's worth the annual subscription cost.
Finally, if you discover an impostor account, report it to
Facebook. This happens frequently enough that the site has an online procedure for reporting bogus accounts that you can complete in a matter of minutes. By getting the impostor shut down, you might just save your other friends a ton