Facebook Friend Request Scam: What It Is and How to Protect Yourself

Be careful which friend requests you accept

Image of a Facebook friend request

 traffic_analyzer/Getty Images

Facebook friend request scams are one of the more dangerous Facebook scams. The scam involves being contacted by someone you're likely to believe is your friend, which makes it more enticing to respond to the message and fall victim to the scam.

What is the Facebook Friend Request Scam?

In recent years, there have been variations of the Facebook friend request scam, but the most insidious version is the oldest one.

This particular scam involves scammers cloning the Facebook account of one of your friends, then sending out friend requests to all of their friends. The goal is to get as many people to accept the friend requests as possible, then follow up with additional messages to scam these users.

How Does the Facebook Friend Request Scam Work?

Operating a Facebook friend request scam requires a good deal of planning and work on the part of the scam artists.

A typical friend request scam involves the following steps:

  1. The scam artist identifies a single person or group of people they want to target. Sometimes, scammers may focus on Facebook users in Western countries, or people who may appear wealthy. In other cases, victims appear to be chosen randomly.

  2. A single friend in this group is selected, and the scammer creates a new Facebook account with the identical name. This is the first step in "cloning" a Facebook account.

    Screenshot of a facebook friend request target
  3. Once a target is chosen, the scammer then works their way through the target's publicly available photos, and copies those over to the new cloned account. They will also usually copy the original profile image and make that the profile image of the newly cloned account.

    Screenshot of selecting profile images of a target
  4. Once the cloned account is completed, the scammer will then work through all of the target's friends and send a new friend request. When the friend request arrives, it looks just like the account of the friend they already know. The scammer hopes the friend will think their friend has simply created a new account and they'll just accept the friend request without investigating further.

    Screenshot of a facebook friend request scam
  5. The more friends who accept the friend request, the more likely it is that additional friends will also accept, since seeing "mutual friends" on the account makes people more likely to believe it's authentic.

    Screenshot of mutual friends on a fake account
  6. Once all of the friends have accepted the request, the scammer sends each of these new friends messages either asking for money or sending them links to download viruses. Since these users think they're talking with their friend, some people do.

How Do the Facebook Friend Request Scammers Find Victims?

There are several things scammers look for when trying to locate ideal victims for the friend request scam. They look for someone on Facebook who meets one of the following characteristics.

  • Their Facebook friends list is publicly accessible.
  • The victim's account is someone located in a developed nation.
  • The scammer has located the user's account as part of a public group.

However, often, victims are simply chosen at random. So long as an account can be searched for using Facebook's search feature, any person on Facebook is at risk.

How Do I Avoid Being Targeted For The Facebook Friend Request Scam?

One of the easiest ways to avoid becoming the initial target of the Facebook friend request scam is by hiding your friends list on Facebook.

  1. Log into your Facebook account, select the drop-down arrow to the right of the Facebook menu, then select Settings.

    Screenshot of selecting Facebook settings
  2. Select Privacy from the left menu.

    Screenshot of Facebook General Account Settings
  3. Select Edit to the right of 'Who can see your friends list?'

    Screenshot of Privacy Settings and Tools in Facebook
  4. Select the drop-down list inside this box, and select Only me to set the visibility of your friends list to only your account.

    Screenshot of setting friends list privacy
  5. Now you're the only person who can see your friends list. Even your own friends won't be able to view your list of Facebook friends.

How Do I Avoid Getting Involved in This Scam?

Changing the privacy of your friends list will dramatically reduce the chance of a scammer choosing your account to clone. However, this doesn't mean one of your friends won't be initially targeted, which means you may still see fraudulent friend request from cloned accounts.

You can protect yourself from this threat with the following rules when dealing with new friend requests. Before accepting new friend requests from your known friends:

  • Contact your friend directly and ask them if they've created a new account.
  • Be extra careful accepting any friend requests from strangers. Review their accounts and avoid friending anyone with an account that has few posts or very little identifying information.
  • Never provide bank or credit card details to anyone you've just friended, and never send them any money.
  • If you discover a cloned account, immediately report it to Facebook; select the three dots to the right of the profile header, then select Find Support or Report Profile.

I’m Already a Victim. What Should I Do?

If you've been contacted by a cloned scammer account and have provided sensitive information to that contact, there are a few things you should do immediately:

  • Immediately report the cloned account to Facebook.
  • Select the three dots to the top right of the scammer profile and select Block to prevent the scammer from seeing any other details in your account.
  • Let your friend know they've had their account cloned so they can instruct all of their friends to not accept any new friend requests.
  • If you've provided any username or password details to the scammer, immediately change those login details. If you're already locked out, report this to Facebook so they can block any activity on the account.
  • If you've provided bank or credit card details to the scammer, report this to Facebook and your bank so they can stop any financial transactions from taking place.
  • File a complaint with the government's Internet Crime Complaint Center.