A few weeks ago, I got a Facebook request from “myself.” Obviously, it wasn’t me and I recognized it right away as a common Facebook cloning scam.

The way it works is simple. Cyber-crooks snag a photo of you, usually right from your own profile page, poach any information you’ve made public, then reach out to all your real friends and family. Once anyone you actually know accepts the Fakebook-fakes’ friend-request or engages with them on Messenger, the scammers typically make a play for money, personal info, or even try to infect your computer or phone with malware.

When the same thing happened to my mom last year, the scammer (pretending to be my mother) hit up my cousin with a sob-story asking for money. (He texted me instead and I told him how to report it Facebook.) A few hours later, another one of her friends received a message from the crook to “click this link to see a great YouTube video you’re in.” She too, smelled a skunk. Had she actually clicked the link though, it could have infected her computer with malware or a virus, logged her passwords and giving hackers the fast track to her bank account, email, or store accounts.

Spotting the fakes

So how do you know that a friend request is real versus fake? Here are a few questions to help you figure that out.

  1. Are they a duplicate? – This is the most obvious test for any fake friend, and all you have to do is see if someone with the same name is already friends with you on Facebook. Nobody has any reason to make more than one account, so if your best friend from college is still on your friends list but just sent you another friend request, send it straight into the trash. Then report it.
  2. Check their photos – Okay, so a hacker will probably find a few freebie photos for their profile, but if you dig into their albums their plan totally falls apart. Before you accept a shady friend request, click on their name and go to their profile page. Browse through their photos and albums and see what’s there. If it’s bare, aside from the profile picture, or has just a couple random photos with no comments or likes, you’ve just nabbed a faker.
  3. Frisk their friends list – If someone is targeting you, their fake account is likely just a shell with very little going on. Click on their friends list and see how many they have. If it’s blank, run for the hills, but even if it’s well populated, those could all be fake or spam profiles too, so be sure to check what mutual friends you have in common. If the person isn’t friends with any of your friends, it’s almost certainly a scammer.

If you do spot a fake, block, report, and warn your friends. (Facebook also cracks down pretty hard on these kind of shenanigans these days.) From the scammers main Facebook profile page you can click the little “more” icon (three little dots in a row) next to their profile picture and then select “Report.” A little menu pops up asking you what you want to report, so select “Report this Profile.” Once you do this, Facebook will know to look at the account and take any actions they need. After you’ve reported, click that little “more” icon again and select “Block” to remove them from your life forever.

Leave the links behind

Even if you’re good about ditching fake friends and ignoring anonymous requests, anyone on Facebook can still send a message to your “Other” inbox. In Facebook Messenger, these pop up as “Message Requests,” and even if someone isn’t your friend they can still send you nasty links and malware without much consequence. Never-ever click on any links you get in these unverified messages, and do your best to avoid interaction with anyone who sends you a chat request out of the blue, even if they look like someone you know. Follow the rules above and verify who they are before you even reply, and if you determine they’re a fake, head to their profile page and block them.

Mike Wehner contributed to this story.