Profile Cloning & Impersonation Scams
Duplicate profiles built using your public photos and name to scam your contacts or tarnish your reputation.
Last reviewed: 1 June 2026
What this scam is
Profile cloning impersonation scams involve a scammer creating a near-identical copy of your social media profile using your publicly available name, photo, and biographical information. The cloned account is then used to contact people who know you — friends, family, professional contacts, or followers — and solicit money, personal information, or engagement with malicious links, all while impersonating you.
Unlike account takeover, which requires the actual compromise of your account, profile cloning requires nothing beyond access to the public-facing parts of your profile. Any photo you post publicly, your displayed name, your location, and your listed interests can be copied in minutes and assembled into a convincing duplicate.
The cloned account may be used to run romance or emergency scams against your existing contacts, to spread misinformation attributed to you, to solicit fraudulent brand deals using your follower count as a selling point, or to operate a fake business page associated with your real identity and professional reputation.
This scam is particularly disorienting for the genuine account holder, who often only discovers the clone when contacted by friends who received suspicious messages, meaning significant harm can be done before any remediation is possible.
How it works
The scammer downloads profile photos, copies display names, and replicates biographical details from the target's public account. They create a new account with the same or near-identical name and upload the stolen materials. Where usernames are available, they choose one as close to the original as the platform allows.
The clone is then used to send friend or follow requests to the target's existing connections, often targeting people who may not notice the subtle username difference or who will simply accept a request from a face they recognise. Once a connection is established, the scammer uses the trust built by the real person's existing relationship to make requests.
Common requests include emergency cash transfers, voting for a fabricated competition, clicking a link to view a video or news story, or providing contact details. In professional cloning, the scammer approaches the target's professional network offering to sell services or request business information.
The target's real account remains unaffected throughout, making discovery slower and complicating the victim's ability to warn contacts efficiently.
Why this scam works
Humans recognise faces before examining other details. When a connection request arrives showing a familiar face and name, the instinctive response is recognition rather than scrutiny. The extra cognitive step of checking whether you are already connected — which would reveal the duplicate — requires deliberate effort that most people do not apply automatically.
For professional networks, a cloned profile can exploit years of reputation-building. Colleagues and clients who receive messages from what appears to be a known professional contact lower their guard in ways they would not for an unknown party.
Common red flags
- Friend or follow request from someone you believed you were already connected with
- New account with your friend's photos and name but a slightly different username
- Contact from a known person on a new account asking to be added again
- Unusual message from a contact who suddenly needs money or help
- Profile has recently joined the platform but uses photos from years ago
- Account has few friends or followers despite appearing to be an established person
- Messages from the cloned account push urgency or financial requests early in conversation
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Hi, this is my new profile — my old one got hacked. Can you add me again? It's [name].
Hey, I'm in trouble — I lost my wallet while travelling. Can you send [amount]? I'll pay back as soon as I'm home.
I set up a new business page. Can you give it a like and share? Here's the link: [link]
I created a new account after some issues with the old one. Please ignore any messages from the old profile.
Did you see this video? Someone said it was you — watch it here: [malicious link]
Common variations
- LinkedIn professional cloning targeting business networks for information gathering or vendor fraud
- WhatsApp impersonation using a cloned profile photo on a new number
- Brand page cloning — duplicate of a business page used to solicit payments from customers
- Celebrity or public figure cloning used to run giveaway scams
- Partial cloning — only the profile photo and first name copied to make a less detectable variant
How to verify before you act
When you receive a friend or connection request from someone you believe you are already connected with, check your existing connections list first. If you are already connected, the new request is a clone.
Search for the person's name directly on the platform and compare the number of accounts that appear, the account creation date, and the follower or friend counts. A recently created account with few connections is likely a clone even if the photos and name are familiar.
Contact the real person through a separate channel — a phone call, a different messaging app, or their verified email — to confirm whether they sent a new request.
Payment methods used
- Payment apps to 'friends & family'
- Bank transfer
- Gift cards
Who is usually targeted
- Individuals with public profiles
- Professionals with established LinkedIn networks
- Content creators with public accounts
- Business owners
What to do immediately
- Report the cloned account to the platform using its identity-theft or impersonation reporting tools
- Warn your friends and contacts directly — post on your genuine account or message close contacts personally
- Document the cloned account with screenshots before reporting, as it may be removed quickly
- Check whether the cloned account has sent requests to your contacts and ask them to decline or remove it
- Do not engage with the clone or try to confront it directly — report and document only
- Consider temporarily making your profile photos visible only to existing connections to limit future cloning
How to prevent it
- Set your profile photos to be visible only to existing connections to limit the ease of cloning
- Periodically search for your own name on major platforms to identify any cloned accounts
- Enable privacy settings that prevent non-connections from sending you friend or follow requests
- Educate your regular contacts about the possibility of cloning so they know to verify unusual requests
- Link your official accounts where possible to reduce ambiguity about which is authentic
Evidence to preserve
- Screenshots of the cloned profile including username, profile photo, and bio
- Any messages sent from the clone to you or contacts
- The date you discovered the clone
- A list of contacts who received messages from the clone if this information is available
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
How do I report a cloned account using my identity?
Most platforms have an impersonation reporting flow accessible through the cloned account's profile or through the platform's help centre. You will typically be asked to confirm your own identity and provide a link to your genuine account. Platforms generally remove confirmed impersonation accounts within a few days of a verified report.
Can I prevent my photos from being used to clone my account?
Restricting who can view your photos — setting them to friends-only rather than public — significantly reduces the ease of cloning. However, photos you have posted publicly in the past or that others have shared publicly may already be accessible. Watermarking profile photos is a partial deterrent but not a complete solution.