Recently I had somebody try to clone my Facebook account. Yes, the guy who is so particular about security and settings actually left enough information available publicly to allow a snake to wiggle his way through the cracks. It took me about an hour of valuable work time to reply to everybody posting notes of caution on my timeline and further lock down all of my settings to help ward off future attempts at cloning.
It is pretty much impossible at this time to completely prevent Facebook cloning. Facebook makes you leave some data available for public viewing in order to make you findable by your friends. You can, however, take some simple steps to make it difficult for cloners to copy your account and thereby profit from it while wreaking havoc with your friends list. So here are some simple steps to lock down your account from public viewing. Please note I did all of these from a desktop browser to make it easier.
Start off with the Settings option on the menu bar. It is the far right drop down arrow next to the padlock.
Although not required to prevent cloning, it is very important to protect your existing account from hackers. If you haven’t changed your password within the past 3 or so months, do so now. Go to Settings, General, Password, Edit. Key in your old password, then your new password in both boxes, and Facebook will indicate whether the new password is a Strong password before you save it.
If you do not have what is considered to be a Strong password then create one before you update your old password. You should always use a string of randomly generated characters consisting of letters in upper and lower case mixed with numbers and special characters. The longer the better. I generally use 15 or more characters for sites that support them. The key here is the password must be random. If you’re not familiar with randomly generated passwords you can search the Internet for “strong password generator” and several sites and guidelines will pop up. An example would be something like ‘qNfu723T53~2tbNu’.
I cannot emphasize enough how important it is to have unique, randomly generated passwords for each site you frequent. Easy to remember passwords that are used across multiple sites are a recipe for disaster, and they are why so many sites are targets of brute force attacks to garner email addresses and passwords that might be useful in targeting other more profitable sites.
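An added example (not part of the original post) of generating such passwords locally instead of on a website, following the rules above: upper and lower case letters, digits and special characters, 15 or more characters, and a separate password for every site. The set of special characters and the site names are assumptions made for the example.

```python
import math
import secrets
import string

# Character classes the post recommends mixing.
CLASSES = (
    string.ascii_uppercase,
    string.ascii_lowercase,
    string.digits,
    "!#$%&*+-=?@^_~",  # assumed set of specials; trim to what a given site accepts
)
ALPHABET = "".join(CLASSES)
MIN_LENGTH = 15  # the post's "15 or more characters"


def generate_password(length: int = 16) -> str:
    """Return a random password containing at least one character of each class."""
    if length < MIN_LENGTH:
        raise ValueError(f"use at least {MIN_LENGTH} characters")
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redraw the whole string rather than patching in a missing class,
        # so every accepted password is equally likely.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length: int) -> float:
    """Upper bound on the entropy of a password of this length, in bits."""
    return length * math.log2(len(ALPHABET))


def passwords_for_sites(sites: list[str], length: int = 16) -> dict[str, str]:
    """One independent password per site, so a leak at one site is useless at another."""
    vault: dict[str, str] = {}
    for site in sites:
        pw = generate_password(length)
        while pw in vault.values():  # practically impossible, but enforce uniqueness
            pw = generate_password(length)
        vault[site] = pw
    return vault


if __name__ == "__main__":
    # Constructed site names, for illustration only.
    for site, pw in passwords_for_sites(["facebook.com", "example-bank.test"]).items():
        print(f"{site}: {pw}  (~{entropy_bits(len(pw)):.0f} bits)")
```

Store the results in a password manager; passwords like these are not meant to be memorized.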
The next step is to go through each of your settings and set access to “Friends Only” everywhere you can. There are a few places in Settings where Facebook will not allow you to switch to Friends Only. In those cases select “Friends of Friends” instead. Wherever you have a choice, never allow Public viewing. This is where you are the most vulnerable and a high value target for cloners.
Pay special attention to Privacy, Timeline and Tagging, and Public Posts under the Settings menu. These are the three areas where you want everything you can set to Friends Only. This is what will keep most of your information away from prying eyes.
Friends is one of the most overlooked areas of privacy in Facebook and the most profitable target of cloners and spammers. Go to your home page; on the left side of the page, just below the Intro section, is the Friends section that contains a list of all of your friends. On the right hand side of the title bar is a drop down arrow for Edit Privacy. Switch this setting to Friends Only. This will limit access to your friends only. Once a cloner sets up a clone of your account this is one of the first places they go. They immediately begin sending Friend Requests to everybody in your Friends section as fast as they can. Why? Because they want to spam everybody on your friends list with requests for cash and merchandise offers. Some truly malicious cloners will block you from your cloned account so that you cannot even see it and then they’ll begin posting as you right behind every valid post you make and you won’t even see the posts. Needless to say this wreaks havoc with your friends.
Another good practice is to update your profile picture regularly. That way if somebody has cloned or at least started the cloning process of your account your newly updated profile will easily identify you as the valid holder of the account. Every time you update your profile picture you should delete all of your old profile pictures to limit access to only one picture of yourself.
The profile picture and background picture are the only two pictures that are required to be Public on Facebook. So always limit both to one picture only and always delete old pictures no longer active. In addition, a good practice is to add a comment to your profile picture and flag that comment as Friends Only. What this does is if somebody does steal your profile picture for a cloned account they cannot see your comment. Only your friends can see the comment. This gives your friends a quick and easy way to make sure your account is the correct account. Add something along the lines of:
This is my official profile picture. It must be Public but Friends Only can see these comments. Never accept a second friend request from me. The real NAME HERE is tagged in this photo. If you are a real friend you can go to my Albums and find this picture in NAME OF ALBUM photos.
Next up is your Photos. Go to the Photos section of your home page. Go to the Albums view. Each album that Facebook does not require to be available for Public view (the required ones are Profile Pictures, Backgrounds and yes, Mobile Uploads) has a drop down menu in its bottom right corner where you can flag the album as Friends Only. This will keep cloners away from photos they might use to convince others they are you. Needless to say it also keeps those pictures of you bathing junior away from the eyes of complete strangers as well.
The Timeline might take a bit of work to clean up but is well worth it to keep information about yourself and your habits away from the Public eye. Go to the Settings menu and then to the Public Posts section and click the link towards bottom center that says “Want to know what followers can see? View your public timeline.” This will switch your current view to your Public Home Page. This is what everybody in the world can see about you. If you see any posts on the right hand side of the screen under the timeline section, that information about you is publicly viewable. If you do not want that information to be out there in the public domain then open another browser and go to your home page. Scroll down to each of those postings; at the top of each post is a drop down box where you can switch it from Public to Friends Only. Keep repeating this process until everything you do not want viewable by the Public has been corrected.
Occasionally you might find a post on the timeline whose privacy settings you cannot change. These are typically something like a linked online article. You can either leave it if you do not find it objectionable or you can simply click the drop down menu in the upper right corner of the post and Delete it from your timeline.
Once you get all timeline posts updated be sure to refresh your Public Home Page. You should see a clean home page with no timeline entries, no friends to view, no photos to view and a link to send a message to you if they think they know you. No more anonymous friend requests.
Last but not least is your About You section. This part is optional but I did this as a best practices kind of thing. On your home page right up top for everybody in the world to see is the About You section. This is typically used to quickly convey to others a summary of the greatness that is you. “Studly, fit Mensa Genius that loves animals and spending quiet evenings with loved ones in front of the fireplace.” My About Me is now a little more to the point. It reads “NEVER ACCEPT ANY SECOND FRIEND REQUESTS FROM ME”. Most friends that get a friend request from a cloner naturally go straight to your home page to see what’s up with the original account. If you’re lucky the cloner will not clone this part of the home page and your friends will get a first shot warning something might be up.
It is a shame we have to take such extra steps to protect our privacy and much more important in my mind to protect the privacy of our friends and loved ones. But in the end this is a good thing to do not only to prevent cloners but also to help guard against identity theft. The good news is your prospective employer the next time you look for a job will not be able to see those naked pictures of you running around the yard after losing at beer pong. Bonus.