Phony Facebook friend requests are putting you in danger – how to spot them

April 27, 2020

By Kim Komando

If you’ve been using Facebook for years like most people, you’re probably familiar with the insane amount of notifications that can hit you at once. You’ll see things like upcoming birthdays, events from your groups and a plethora of other random activities from people you know.

One kind of notification generates far more excitement than others, though: a friend request. It can absolutely make your day when someone new (or familiar) reaches out to you and tries to connect, but it can also be a sign that your profile isn’t as private as it should be. Tap or click here to see the privacy settings you need to adjust.

And sometimes, that request you get might not even be a real person at all. Data harvesters and cybercriminals sometimes pose as (not so) innocent Facebook accounts so they can scan your profile and share your data. Some even go as far as sweet-talking you into giving up personal information. Here’s how you can spot the phonies.

Fair-weather friends

Fake Facebook friends requests can come for a variety of reasons — some harmless, some malicious. These are some of the types of bad actors you’re likely to encounter in your request notifications:

• Scammers
  • Scammers create fake Facebook profiles and send you a friend request to access to your personal data, like contact details, or other personally identifiable information that’s restricted to “friends only”
  • This information would be useful in setting you up for a phishing attack
• Malicious link posters
  • Some requests come from attackers sharing malicious links that lead to malware or phishing sites. These can end up in your Facebook News Feed after you accept their friend request.
• Catfishing
  • Catfishers create extremely detailed fake profiles to trick people for romantic or financial gain. They’ll often use photos of beautiful models in an attempt to hook victims. Tap or click here to see the damage a catfisher can do.
  • They’ll sometimes spam random friend requests to huge numbers of people before finding a willing victim. If you get a request, keep in mind that you’re probably one out of a thousand “prospects” for these fakers.
• Exes and ex-friends
  • If you unfriend someone who you’d like out of your online circle, they can still find their way back to your Facebook account by creating a fake profile. People aren’t always who they say they are, and befriending you using an alias lets them know what you’re up to without you knowing.
• Jealous partners
  • Your current significant other could be questioning your devotion and trying to bust you. This sometimes occurs when jealous people want to “prove” your loyalty or test to see what you’d do when confronted by suggestive situations.
  • This information could be recorded with the intent of using it against you later. This is textbook abuse, and should not be taken lightly. Tap or click here to find out more about stalkerware, another type of spying tool used by jealous partners.
• Private investigators
  • Much like scammers, investigators will sometimes use fake friend requests to learn more about you, as well as see information that you’d normally restrict as “friends only.”

How do you spot a fake friend request?

It might seem tricky to suss out real people from fake ones on Facebook, but there are obvious signs that point to an automated or fraudulent account. Accounts run by real people with fake information are more difficult to spot, but there are still several red flags that usually give the game away.

Here are some questions to ask yourself before accepting any friend request that comes your way:

• Is the request someone familiar, or are they friends of friends?
  • If you don’t recognize the person or ever recall meeting them, the profile could be fake.
  • Check the requester’s friends list to see if there are mutual friends or anyone you may know. Facebook will usually highlight the number of mutual friends you share in the request.
• Is the request from an attractive person?
  • Everyone is beautiful in their own unique way, but professional modeling headshots are a dead giveaway for a fake profile.
  • This goes double for profiles with provocative profile pictures. If it looks like a professionally lit and shot photo of a person in a sexy pose, ignore the request (unless, of course, you’re friends with several models in real life).
• Is their Facebook history limited?
  • Check the user’s timeline and see how old the account is. If it was created in the last few days or weeks, that’s a major red flag.
  • Legitimate Facebook users tend to have a long history of content — with their timeline dating back several years. Of course, some people are late to the game and may just be getting started with Facebook, but it’s better to be safe rather than sorry.
• Do they have limited friends or are they all the same gender? 
  • An account with all-male or all-female friends isn’t just unusual, it’s a red flag for a fake profile. This is more true for accounts with all-female friends — especially if the account has a provocative or model-tier profile picture. This is designed to bait people, not connect with them.
• Is there limited personal content on their timeline?
  • Fake profiles typically feature very few day-to-day posts, which take more effort to create.
  • There might be some pictures or links, but they usually won’t have many status updates.
  • This doesn’t apply to catfishers, who tend to dedicate far more time to crafting their fake persona. These can be spotted by how overly “perfect” their life seems to be, but that’s not too different from the average Instagram user. Look carefully to make sure the information they post lines up with who they say they are.

People who accept more friend requests have a higher for fake ones.

If you seem to keep getting fake friend requests in spite of your best efforts, you may have already accepted too many in the past. Researchers from Facebook and Harvard have determined that friendly users who are overly welcoming to friend requests may be putting themselves at risk for more fake friends.

Using a mathematical algorithm, they were able to verify with high accuracy that highly-accepting users are much more valuable targets for scammers and creators of fake profiles.

In the graph above, people on the >1 side of the plot are more likely to receive requests from real people, while people on the

And it’s a good thing when these profiles get removed, especially now of all times. In light of the COVID-19 quarantine, cybercriminals and scammers are using Facebook messenger and fake profiles to trap users with phishing links.

According to an alert by The Better Business Bureau, scammers have started to message users they aren’t friends with about the latest coronavirus treatments and prevention tips, as well as “deals” on masks and PPE. These links, of course, are not legitimate. If you click one, you’ll be directed to a scam site that steals your personal data.

If you receive a random friend request from someone you don’t know, don’t get too excited right off the bat. Take time to ask yourself the questions above and work to narrow down whether the user is real or fake before clicking “accept.”

Social media isn’t a race, and the user with the most friends doesn’t end up winning anything. In fact, your experience might be better off with just a small circle of close friends you know and love.

And hey, that’s one way to reduce the annoying conspiracy posts clogging your timeline. Tap or click here to see how to spot fake COVID-19 news on Facebook.