Check these Facebook settings right away

Filed under: Internet Tips, Passwords, Scams, Security - Feb 21 2022

Originally posted February 2022, Updated May 2025

We’ve been receiving lots of reports from clients that their Facebook account has been hacked. In reality, usually it’s just been cloned. Here’s what’s happening. 

If you have a Facebook account, by default your Friends list is set to “Public” – meaning anybody on the internet can see who your Facebook friends are. Miscreants and scammers can use this information, along with other public information, to impersonate you by creating a new Facebook profile – even using your public profile picture(s). Then they send friend requests to all of your friends. Once your friends become friends with the new “you”, a scammer can persuade them that your original Facebook account was hacked, and your friends are led to believe the new account is really you. The scammers then use this new profile, which they control, to get your friends to confide in “you”, so they can obtain personal/private information, gift cards, or run other financial scams.

What you need to change right away 

We recommend using Facebook’s Privacy Checkup to review your settings and make sure that scammers can’t use public information from your Facebook account. In Facebook, go to your Account > Settings and Privacy > Privacy Checkup. In “Who can see what you share”, make sure “Who can see your friends list on your profile?” is NOT set to Public. In Privacy Checkup we also recommend going through “How to keep your account secure” and making sure that you’re using a unique password for Facebook.

An additional step is to make sure that only your “Friends” can see your Followers – it’s set to “Public” by default. Check this setting by clicking the 3 dots near the top of your Friends list > Edit Privacy > Followers.
