Just last weekend, I received three “friend” requests on Facebook from people who were already Facebook friends of mine, which is an indication that someone had set up new Facebook pages in their names and was attempting to lure their friends into becoming friends with the hacker. This scam is called either Facebook cloning or Facebook spoofing and the goal of the hacker is to get people to respond to the new friend request and then to lure the friends of the person whose Facebook page they commandeered to trust communications and postings from the cloned page in an effort to get them to click on links and download malware or ransomware or respond to emergency requests by sending money.
There are many things you can do to protect yourself from this type of scam. Scammers harvest information from social media to help them in their scams so the first thing you should do is to check to see if the public is able to see your posts. Click on the padlock at the top right hand side of your Facebook page and click on “Who can see my stuff?” It should say “friends,” but if it says “public” you should change that setting to “friends” to increase your privacy.
As for accepting friend requests, if you are already a friend of the person, don’t accept a second request. Also, when accepting friend requests, don’t do it from the friend request email. Instead go directly to your Facebook page from your browser and not from a link in the email because it could be a phishing scam seeking to steal your password or other information.
Finally, it is worth repeating that you should never trust any communication that contains a link until you have confirmed independently that the communication is legitimate. The risk of malware in a link found in social media, a text message or email is just too great.
If your Facebook account has been cloned, here is a link that will take you to Facebook with tips as to what to do and how to report the problem. https://www.facebook.com/help/174210519303259