Attack of the clones: Beware fake social media accounts



The vast majority of us now use social media to keep in touch with friends and family, but unfortunately unsecured social media accounts provide a goldmine of information for online criminals.

Scammers can use these accounts to learn everything about a potential target for phishing and social engineering campaigns aimed at accessing both personal information and sensitive corporate data, but they also have another tactic up their sleeve to dupe victims. On Facebook, they are creating clones of legitimate accounts to trick people into giving away financial and personal information.

The number of fake and duplicated accounts is difficult to determine, but in 2015, Facebook said that up to 31 million accounts were false. Twitter suggested that 5% of the accounts on the social network were fake, and LinkedIn said that it didn’t have a reliable way of identifying duplicated accounts.

The cloned accounts use the same name, personal information and photos included on a legitimate account in an attempt to imitate it. In many cases the scammers even go so far as copying statuses and updates to give the clone that legitimate feel.

By cloning a social media account, a scammer can make contact with the victim’s friends and family, who are likely to accept a friend request from the cloned account, and then begin the process of tricking them into giving away private information.

How to counter the clones

In this day and age of cyber threats, it is surprising that so many people continue to leave their social media profiles unlocked and open for any online users to see. To prevent someone from mimicking your accounts, simply ensure you lock them down. Facebook, for example, allows a user to effectively stop anyone who isn’t a trusted contact from seeing status updates and private information.

The most effective way, however, to keep your accounts secure is to not accept friend requests from people you don’t know. If you do receive a request and you don’t know the person who sent it, just decline it.

If you think that your account has been cloned, report it to Facebook (or whoever runs the network affected) and send a warning to your contacts.

Phishing scams put businesses of all sizes at risk. Does your workforce know what to look for? Talk to us about phishing vulnerability assessments. Contact us via or +44 (0)845 600 4403.
