Traveling the Internet
This may seem like an odd blog topic for Vinnie’s Northbay Airstream Repair, but many of us are online researching Airstreams, looking to purchase, checking out upgrades or selling our rigs, and we need to use best practices to safeguard our identity and finances. I’m in marketing, which means I’m engaged on social media and I’m also an Admin in several Facebook groups … Here are some of the top things I’ve learned along the way:
What do you do with a spoofed or cloned Facebook account:
A spoofed or cloned account is different than an account that has been legitimately hacked, which I’ll discuss at the end of this blog. We’ve all received a Facebook friend request from someone we’re already friends with and the new account is clearly a clone. While your friend hasn’t been hacked, it’s still a safety liability. Don’t just delete the request … Reach out to your friend and let them know their account has been cloned AND then report it to Facebook, delete the request and BAN the imposter.
What should your friend do?
Make a Public Post
They should immediately post on their personal page that someone has cloned their account and not to accept a new friend request. They should make this post PUBLIC but turn off commenting. They should also let their private groups know they have been cloned so the group can be on the lookout for suspicious activity. To do this, tag an Admin on the group page and let them know to look for a message from you. Your message will go into a separate place in Messenger since you’re likely not Facebook friends with the Admin and they need to be on the lookout. Alerting your group is essential if you are a group Admin.
Why make it public and turn off commenting? Public makes people aware of the fraud and turning off comments prevents the loser scammers from popping into the comments with bogus claims of helping to restore the account.
How do you turn off commenting once a post is public?
Click on the three dots to the right of your post and select Profiles and Pages you mention. Don’t mention anyone or any pages and this effectively turns off commenting on a public post.
Cloned accounts are so common that people often ignore them. The risk lies when one of these fake accounts is cloned well enough to fool a friend or infiltrate a Facebook group. This happened summer 2024 to Bronco Nation on Facebook, a group with over 120K members. One of their Admins had their account cloned and another Admin accepted a friend request and admitted the cloned account into their Facebook group as an Admin. From there the fake account began admitting scammers and making them administrators and no one noticed these people who were “Previewing the Group.” The group was absorbed in one day by scammers who kicked out all of the Admins and began selling everything from t-shirts to die cast cars to Broncos that didn’t exist. It took an incredible amount of man hours and legal wrangling to get their group back.
I’ve heard so often, “What does someone have to gain by getting into an Airstream group or any other type group?” Legitimacy. They have been admitted into a private group, they learn the lingo, and then they post an item they don’t actually own or befriend someone they believe is vulnerable with the intent to defraud. Fake accounts represent profiles that may or may not be linked to a real person and they are often created from stolen information on real accounts.
Look for the telltale signs of a fake account:
No profile picture or the use of a cartoon picture, anime, animals or stock images.
Inconsistent or limited posting history, including hidden posts.
They have very few photos or only one profile image.
They lack genuine interaction with others … It’s all very scripted and stock.
Names and information that don’t match across platforms or that have random characters and numbers.
Having a huge amount or only a handful of friends.
What Can Administrators Do to Safeguard a Group?
If you’re not a group Admin some of these same safeguards still apply to your personal interactions.
First, don’t have too many Admins: It’s tempting, especially in a large group, but too many Admins often leads to a false sense of security. We had a tragedy in our community last summer when a child drowned during a family party. Everyone said the same thing, “I thought so and so was watching her.” When there are too many Admins your group runs the risk of believing someone else is safeguarding the membership. Remember, Admins are different than Moderators.
Set up Admin Assist within your Facebook group and put parameters in place for membership such as: The person must have a profile picture, they must have had their Facebook account for at least 6 months, they must answer your membership questions and they must agree to group rules. If those requirements aren’t met, then Admin. Assist automatically boots the person’s request after an hour. I use this tool and it’s a good one.
Don’t be too nice: If someone isn’t willing to answer your group questions, then they shouldn’t be knocking on your door. With Admin Assist they’ll know why they were declined.
Do your due diligence when looking at a membership request: Is the name legit? Look at their profile for any tips it might be fake. Remember, as an Admin you are a gatekeeper for your members and you have a responsibility to do the right thing by your group. Never just hit the “Accept All” button in the membership section … That’s never the right answer.
During a recent group audit I deleted every member who didn’t have a profile picture because most of them were clearly fake. Facebook has flagged this as one of the biggest marks of a fake account.
These pictures are profiles that I’ve found in various private groups who made it past an Admin who likely didn’t want to be insensitive and hit decline.
Groups Should Assign Admin Roles and Moderators:
Membership Requests: These are the Admins. who are willing to take extra moments to look at a membership request. They should also be the hardliners of your group and not the softies. They need to have mettle and be saavy enough to decline a person who didn’t answer the membership questions or has a fake looking profile. It’s responsible to decline membership to someone who didn’t accept your terms or looks shifty.
Engaged moderators who are on the lookout for spam, including AI generated images and bots or trolls who are there to stir up discord: AI generated images are often the first tip that your group has a problem brewing. Look for proportions that are off in a photo … Legs that are too long or too thin, photos with surreal lighting or items in a photo that don’t properly align. Bots are getting smarter and are often planted in groups to stir the pot on politics or other hot button issues. Once it was fairly easy to spot these bots because they’d say things that didn’t quite make sense, but now it’s becoming harder to discern.
Get rid of spammers: Some people make genuine mistakes, but most spam is intentional. Be proactive.
What can I do to safeguard my identity?
Look for the telltale signs of a fake account and don’t engage. Report.
Get a check mark on your profile by getting Meta Verified. For Facebook the cost is currently just over $12.00 a month. If you want to add Instagram to your verification it’s a bit more. Some people will bristle at this cost because Facebook is free, but it’s also a streaming service not unlike Spotify, Netflix, or Hulu and people willingly pay for those. Getting verified gets you access to Facebook support if things go south with your online presence. I’m verified and I can’t change my name or even my profile picture without Meta reverifying my authenticity. It’s also a deterrent to scammers who may bypass the account of a verified member.
Run a privacy check-up on your account. That’s found in your settings and it steps you through prompts on what to change for heightened security.
Make sure you have two-factor verification turned on. This is an easy one and it’s essential.
Lastly, and most importantly, DON’T EVER INPUT YOUR USERNAME AND PASSWORD WHEN REQUESTED UNLESS YOU INITIATE CONTACT AND ARE CERTAIN THE WEBSITE IS LEGITIMATE.
Currently, there’s a Facebook phishing scam where it appears that Meta is contacting you because someone tried to access your account from another city (this often happens and it’s a legit warning) but this fake alert asks you to input your username and password AND if you do, then you have handed over your Facebook account to a hacker.
Phishing scams typically have a “tell” with incorrect grammar, spelling errors or a URL that is highly suspicious when you hover over the link.
Never input your credentials if spontaneously prompted no matter how legitimate the alert looks … When in doubt, X out.