Facebook & Instagram profile cloning scam
by Di · Published 18/11/2020 · Updated 12/01/2021
Cloning of personal profiles and brand pages has been a problem on Facebook for several years, but it’s now a serious issue on Instagram too. Many compers are receiving daily ‘Congratulations!’ messages from scammers masquerading as giveaway promoters. Facebook phishing scams even featured on the BBC TV show Rip Off Britain recently!
This blog post explains how you can distinguish a fake winning notification from a genuine one, and what you should do if you’re targeted by scammers.
Why are scammers cloning profiles?
Scammers are attempting to win your trust, hoping you will hand over personal details, bank details and pay them money.
A few years ago they preyed on Facebook users – they would clone a personal Facebook profile, and then contact that person’s Facebook friends pretending to be that person and asking for urgent money transfers via PayPal or BACS. Even my 82 year old mother-in-law was a victim!
In 2020 the scammers are imitating brands and small businesses instead of individuals, and in particular their target is giveaway entrants. They find a giveaway on Facebook or Instagram, and send ‘Congratulations’ messages to the entrants, with a link to complete their details on a web form. They will then try to get the fake ‘winners’ to pay money to receive their non existent prize.
Facebook page cloning is still common too – fake pages claiming to be popular brands like CenterParcs and DisneyWorld offer unbelievable prizes in Like & Share comps, then start bombarding their followers with dodgy links to collect their personal information (see my post How to identify a scam facebook promotion).
How the scammer gets in touch with giveaway entrants
- On Facebook, the scammer creates a profile with the same name as the brand that’s running the giveaway (usually with a typo or extra punctuation!) and sends you a friend request. Then they’ll message you with a link asking for personal details.
- The scammer might use a cloned Facebook profile to comment on a public share of a competition post on your profile. The comment will congratulate you on your win, then ask you to visit their profile. On their profile will be a link to the website claim form.
- On Instagram, they will clone a brand profile and follow you, then send a message asking you to visit a link to claim the prize (see GlossyBox example below). They will usually include a link to the giveaway post to make it look official.
It’s likely the scammers may ask for a small payment to receive your prize – do not give them any details! Some compers have given their card details and had money taken from their accounts before realising they’d been the victims of a scam.
How to check if a message is from a genuine promoter
- The main clue to a scammer is poor spelling and grammar in their communication
- Check that the giveaway you’ve ‘won’ has actually closed – scammers sometimes message while it’s still live!
- A scammer’s profile name usually won’t match the official brand profile (extra letters in the brand names – Bigfoots Sausages instead of Bigfoot, for example)
- For bigger brands, look for the tick next to their name to show they’re verified
- On Facebook, if a brand comments in reply to your entry on their giveaway post it says ‘Author’ next to their name
- Find the genuine brand Instagram account – the best way to do this is to search Google for the brand’s website, then look for social media icons on the home page and click them. Do these links go to the same Instagram profile that you received a message from? If not, be suspicious!
- Genuine promoters will usually only ask for your name and email address, plus a postal address if they need to post out a prize – and this information is usually required by you responding to their DM, not via entering information on a link.
What to do if you think something is a scam
If you think a message looks genuine, but you’re not 100% sure, respond to the message and tell them you’re concerned due to the number of scams around, and ask if you can have their email address instead of giving your details via Direct Message. If they respond with an email address, check it’s trustworthy by putting the domain (after the @) into Google – for genuine promoters it will be a brand website, or a marketing/PR/fulfilment agency.
If you’re certain the account is fake, report it using the instructions below, and send a message to the genuine promoter’s account to warn them about the cloned account.
How to report a cloned Facebook profile
To report a cloned profile, tap the three dots on the right of the cover photo. Choose Find support or Report Profile. Annoyingly, if you choose Pretending to be a someone, there’s no option to choose a brand page – the closest option is to choose Fake Name. and then report the profile.
You might get a message back saying Facebook have reviewed it, and it isn’t a breach of Facebook Community Standards, but eventually the profile should be taken down especially if there are multiple reports.
How to report a cloned Instagram profile
To report a cloned Instagram profile, tap the three dots on the right of their profile page, then Report from the menu and select It’s inappropriate. Select Report account then It’s posting content that shouldn’t be on Instagram, and Scam or Fraud. Unfortunately Instagram have removed the ability to flag up accounts that are impersonating verified accounts!
It’s disappointing that scammers are able to easily set up so many fake Facebook or Instagram profiles without them being automatically flagged as suspicious, but hopefully if we continue to file reports that will show that fake profiles is a serious problem that needs fixing.
How to make it difficult for a scammer to clone your Facebook profile
As most compers have their Facebook profiles set to public, and are actively commenting on public brand pages, they’re at risk of having their own Facebook profile cloned.
To clone a personal Facebook profile, scammers simply go to a user’s profile, copy their name and photo and set up a brand new account using their identity. They then go through the user’s public friend list, adding each one as a friend. The friends usually accept, presuming there’s been a Facebook glitch and they were unfriended. Once they’ve been added as a friend, the scammer then sends a message – usually asking for money.
It’s easy for someone to copy your profile name and photo, but without any friends to contact they won’t be able to do much scamming! Hiding your friends list from your profile will help deter scammers – change the privacy settings of your Friends list from public to private using these instructions:
- On the Facebook app, tap your profile photo then tap the three dots under your cover photo. Tap View Privacy Shortcuts and See more privacy settings. Swipe down to Who can see your friends list?, tap and select Only me from the list.
- To do this on desktop Facebook, tap the three dots and choose Profile and Tagging settings, then select Privacy – or go directly to www.facebook.com/settings?tab=privacy
How to prevent fake profiles from commenting on your Facebook competition shares
If the fake Facebook profiles are starting to bug you, why not post your ‘Like & Share’ entries publicly to a group instead of to your own profile? The promoter will see all the public shares together on the same list under their competition post. But in a public group, the fake profile would not be able to comment. Lots of compers have created these small sharing groups (mine is Great Facebook Giveaways). You need just 2 members to form a Facebook group, so find a friend willing to be your second member.
How promoters can help to warn entrants
If you’re hosting a giveaway on Facebook or Instagram, include text to warn people about possible scammers. Adding text like this will help: ‘Please be vigilant – giveaways are being targeted by scammers who impersonate the promoter’s social media accounts. Do not click any links in messages, and report any fake profiles! We will DM the winner from this account.’
If you found this post helpful, you might also want to read How to identify a scam Facebook promotion.
If you’re a member of my Lucky Learners Facebook group, you can share your screenshots and questions on our dedicated SCAM post, where members offer advice.
Have you experienced scams on Facebook or Instagram? Let me know in the comments.Watch out! Scammers cloning Facebook and Instagram profiles are targeting giveaway entrants.
“Dear Facebook user, congratulations!” scam – How to remove
“Dear Facebook user, congratulations!” scam is a message, thanking users for their loyalty to Facebook. As a reward, people are offered an exclusive chance to get an iPhone 8 or another pricy item completely for free. Many users have received this message and confronted Facebook about it: is it pop-up a part of a legitimate campaign, or is it a scam? As it was confirmed, the “Dear Facebook user, congratulations!” pop-up is a scam, similar to “Google Rewards Center” and “Amazon Rewards Event”.
“Dear Facebook user, congratulations!” pop-up is not from Facebook: it is from cyber criminals
To make these messages seem more believable, crooks insert legitimate logos and background images. In this case, “Dear Facebook user, congratulations!” scam will feature the official logos of Facebook. However, you should realize that the message won’t help you win any of the advertised goods. In fact, if you interact with such messages, you might immediately get redirected to malware-laden websites: by visiting them, you might easily catch a virus, a crypto-miner or another harmful infection.
This message could be classified as a “lottery scam” which impersonates a specific service or organization. Facebook has listed this type of hoax in one of its articles (What are some common money scams I should look out for?). Facebook explains that such scams usually after users’ credentials, personal information, physical address or banking account details. Users will have to provide such info if they wish to receive the prize. However, “Dear Facebook user, congratulations!” scam won’t reward you with iPhones or other expensive items. After scammers learn your personal details, you might become a victim of an identity theft or have all of your savings stolen from your banking account. There have been Facebook-related scams before, like: “Your profile has been selected by Facebook ” or fake Facebook account removal messages.
Even though it is presumable that “Dear Facebook user, congratulations!” scam will only appear to users, using computer devices, there is a chance that the message will be seen on users’ Androids as well. After all, such lottery scams have been noticed to bother owners of mobile phones (Congratulations, you won Malware Scam Crosses Over to Android). Therefore, please do not trust any Facebook-related lotteries or sweepstakes: they are very unlikely to have been created by reliable representatives of Facebook.
One reason why this “Dear Facebook user, congratulations!” scam is being presented to you is that you have become infected with an adware parasite. This malware type is known for its intrusive nature and the number of generated online advertisements (Viruses vs. Spyware vs. Adware vs. Malware. Whats the Difference?). Most of them might be harmless, promoting various types of services, but others could be secretly transmitting malware or inserting tracking cookies into your device. None of these possibilities sound pleasant.
How to stop “Dear Facebook user, congratulations!” scam from being presented on your screen?
“Dear Facebook user, congratulations!” pop-up does not come from reliable people: we have already established this. Now, it is important to determine why this message is displayed. One of the reasons behind this message might be that you are visiting some rogue domains, featuring this exact message. It is common for online-streaming or file-sharing websites to accept content pretty recklessly. Therefore, it is best to treat such domain with caution.
The latter message can also be presented because you have become a victim of malware. Have you recently installed a new freeware program? If yes, it might be the source of all your problems. If you know which tool might be responsible for the suspicious activity in your computer, remove it from Control Panel.
However, if you do not have the slightest idea about why this fake message is displayed to you, we only have one option available. Please use an anti-malware tool to scan your device and determine whether your OS is in big trouble or not. We recommend downloading Spyhunter program: it has proven itself to be a highly-efficient anti-malware tool, protecting you from all sorts of malware parasites. In addition to this, it is very easy to use, so you won’t have any issues in that department.
How to remove “Dear Facebook user, congratulations!” scam using Windows Control Panel
Automatic Malware removal tools