Facebook cloning scams are continuing to rise, turning ordinary profiles and family photos into tools for fraud and social engineering, writes Richard Frost, head of technology solutions and consulting at Armata Cyber Security.
Have you ever wondered what criminals can do with a convincing copy of your life? If not, you should.
Because it’s easy for criminals to step inside your Facebook world and create a cloned profile of your family, friends, adventures and experiences.
They don’t need to hack your account to build this extremely convincing copy. They have simply used your name, photos and public details to make a fresh account that’s so realistic and so accurate, they can approach your friends and family and con them in seconds.
Do you think this is dramatic? Recent data shows, 687-million fake accounts were taken down by Facebook. In 2019, that number was 2,2-billion. The Federal Trade Commission (FTC) has reported that impersonation scams have increased more than 400% since 2020, and they aren’t showing signs of slowing down.
Facebook, one of the world’s most popular and populated social media platforms, sits right in the middle of this problem.
Globally, the platform remains a risk for users and authorities. In Singapore, for example, authorities found that ‘more than one-third of the ecommerce scams reported in 2024 had taken place on Facebook, and that impersonation scams with government officials tripled in the first half of 2025’.
Meta, the parent company for Facebook, has been ordered to introduce stronger safeguards or face fines.
Then there’s the very real profit that Facebook is making from fake ads. In 2024, the company estimated that it made 10% of its revenue from scam ads and banned products.
And the number of scam ads shown per day across Meta’s platforms? 15-billion. For criminals, the platform’s scale and finely tuned ad-personalisation system are the perfect engine for fraud.
The most worrying part is that many people are unknowingly helping attackers build their own Facebook clones. Profiles are left wide open and friends lists are public, and this means threat actors can instantly find a target list for their cloned accounts.
Which means that perhaps the first and most important step you can take to protect your identity is to lock your account so only your profile picture and cover image are visible to strangers.
This will dramatically reduce what information a hacker can harvest and how easily they can impersonate you.
Unfortunately, there is a risk that well-meaning friends can undo your careful privacy settings.
Even if you keep your account watertight, other people tag you in photos of your children or in posts that reveal where they go to school. These tags inadvertently expose your children and your private information.
Beating this problem means using Facebook’s tag approval settings so nothing appears on your timeline without your consent.
This is not dramatic or excessive either. One of the most common social engineering patterns is attackers studying tags and family connections and then using a cloned profile to approach a child with a message that appears to come from a trusted parent or friend.
If a child already knows that ‘Mom and Dad are already tagged here’ and recognises the name of the person contacting them, a stranger using that information can sound convincing enough to persuade them to share details or leave a safe space with the wrong person.
Oversharing location data is another problem. People inadvertently reveal their daily routines with photos, status updates and live location sharing.
A series of harmless posts about the route you drive and the street outside your home or the school logo on a blazer gives attackers everything they need. There have been cases where a single tagged photo has been enough to reveal a private location.
Combatting the risks comes down to hygiene. Hide your friend lists, lock down your privacy, turn on tag review, and avoid posting images that reveal too much information.
Treat social media as part of your broader situational awareness and teach your children that a message from Mum or Dad on Facebook is not enough on its own.
Facebook cloning is not an online irritation, it’s a gateway to fraud and sometimes physical crime powered by oversharing, weak privacy settings and highly scalable impersonation tactics. So make sure your digital footprint is secure and close the door on social media, for good.