Profile Cloning Impersonation Scams on Facebook
Fraudsters copy a real person's profile photo, name, and public information to create a duplicate Facebook account, then use it to contact the victim's friends and family with scam messages.
Part of: Profile Cloning & Impersonation Scams
Last reviewed: 1 June 2026
Facebook profile cloning is one of the most low-effort yet effective social engineering attacks on the platform. Unlike account takeover — which requires defeating security measures — cloning simply requires copying publicly available profile information to create a new account that convincingly mimics the original.
The cloned account then sends friend requests to the original user's connections and, once accepted, begins sending messages with investment pitches, fabricated emergencies, or links to phishing sites — all appearing to come from a trusted contact.
How this scam works on Facebook
A scammer copies the target's profile photo and cover image, copies or paraphrases biographical information, and sets their display name to match. They then send friend requests to people on the original account's visible friend list. Recipients who accept see a profile photo they recognise and a name they know — and may not notice the new profile has a different account history.
Once connections are established, the cloned account begins messaging them. Common approaches include fabricated emergencies requesting money, links to fake investment platforms where the 'friend' claims to be making large returns, or requests for gift card codes.
Victims are often informed about the cloned account by a mutual connection who received a suspicious message, prompting the original user to search for their own name on Facebook — typically revealing the clone immediately.
Common red flags
- Second friend request from someone you are already connected with on Facebook
- Message from a 'friend' that references an investment opportunity or unusual financial request
- Newly connected account with no post history, no check-ins, and no tagged photos
- Mutual connection alerting you that they received an unusual message from 'you'
- Profile that uses your exact name and photo but was created recently
- Friend of a friend accepting a request and then receiving a suspicious message shortly after
How to protect yourself
- Set your Facebook profile photos, posts, and friend list visibility to 'Friends only' to limit data available for cloning
- Alert your connections if you discover a clone, so they can ignore or report it
- Report the cloned account to Facebook immediately using 'Report profile > Pretending to be me'
- Conduct periodic searches for your own name on Facebook to check for duplicates
- Regularly review and lock down your privacy settings under Facebook's Privacy Checkup tool
- Enable two-factor authentication on your real account to distinguish it clearly from a clone that lacks your secure access
How to report it
- Report the cloned profile directly using 'Find support or report profile > Pretending to be me or someone I know'
- Ask trusted mutual friends to also report the profile to increase reporting volume and trigger faster review
- Alert the real person being cloned if it is not your own account — they may not be aware of it
Frequently asked questions
What is the difference between a cloned account and a hacked account?
A hacked account is the original account taken over by an attacker, who then uses it directly. A cloned account is a new separate account built to look like the original. Both are used for the same fraudulent purposes, but they require different responses — a hacked account must be recovered by the real owner, while a cloned account is simply reported for removal.