What we learned from having our own account cloned.
By Nick Gelling
Cloning is a technique scammers use to trick people into handing over money or personal information. It involves copying the social media presence of a trusted person or organisation, and abusing that trust.
Most commonly, the scam duplicates an individual’s account and attempts to trick their friends into sending money. If you think your friend has been cloned, report the scam to the social media platform as well as an organisation like internet safety watchdog Netsafe, and let your real friend know.
To avoid being targeted:
lock down your privacy settings so only friends see your posts
decline any friend requests from people you don't know
make your friends list private, so scammers can't target them if your account is copied.
While it’s usually personal profiles that are targeted, particularly brazen scammers sometimes try to copy the page of a popular business or organisation.
Our first-hand experience
Last week, a Facebook user with the name Consumer-nz appeared, complete with duplicated profile and cover pictures. The fraudulent account began adding New Zealanders as friends and trying to scam them by mimicking the prize pack promotion we’re currently running.
One of our members let us know, having reported the account and been told by Facebook that it was legitimate. Confused, we reported the page too, and were told the same thing:
Eventually, we were able to use contacts at Facebook to assist in having the page removed, but the average consumer won’t have those contacts. Netsafe can assist when harmful content is posted, but this leaves cloned pages in a potential enforcement gap, even though they clearly breach Facebook’s community standards.
Think twice before entering a competition
It’s no coincidence which Consumer NZ post was targeted for cloning – competitions are often imitated by scammers, because they’re an easy way to gather personal data. They also spread organically, due to people liking and sharing the post.
Netsafe has a few tips for avoiding fake social media competitions:
Investigate the profile or page. Scammers often only bother to copy one or two posts before moving on to another grift. Scroll back
a little way to see if the page has more to it than just the
competition post. You might even see evidence of a previous scam.
Consider if the prize is realistic. Some legitimate contests have surprisingly valuable prizes, but if a competition seems too good to
be true, think twice.
Inspect the URL. If a post invites you to click through to a website to sign up, hover over the link to see if the web address
matches the organisation running the competition. If it seems safe
and you click through, think about whether the website looks how
you’d expect too.
Don’t give away too much information. Legitimate competitions will ask for a few personal details, like a name and email address.
If a form asks for more, it should be clear why – for example, a
birthdate for an age-restricted competition, or an address if the
prize will be delivered. Some details, like your driver licence or
bank account info, are huge red flags.
When we originally announced our competition last week, I was secretly pleased to see this comment on Facebook:
It shows our followers are being thoughtful about the viral contests they’re seeing on the internet. Hopefully, that same healthy skepticism meant nobody was duped by the copycat.
Small businesses beware
If you run a Facebook page for your small business, watch out for this happening to you. Being the target of a clone can hurt your reputation and damage trust with potential customers.
Worse, there’s every chance Facebook’s algorithms will determine that the clone is harmless, like it did for us. Only, you might not have the leverage to force the issue.
Cert NZ senior incident analyst Tim Hamer said it’s harder for companies to avoid this scam.
“Unfortunately, there’s little businesses can do to stop their account being cloned as they need to operate their accounts publicly, but we would recommend businesses make their legitimate social media accounts clear by linking to them on their website and in the bio section for their other social accounts,” he said.
“It can also help to search for your business name on social media occasionally to see if there are any cloned pages and report them. And remember to let your customers know if there’s any scammers about, so they don’t fall prey."
Have you been the target of a digital scam? Contact me at firstname.lastname@example.org so we can use your story to protect others.