Technology
When a Facebook friend request turns into a hacker’s trap
Are you as fed up as I am with the seemingly endless number of scams flooding Facebook? You know, the ones I’m talking about — the messages that make you stop and think, “Is this for real?”
Whether you’re new to Facebook or you’ve been scrolling for years, these scams can catch anyone off guard. But don’t worry.
I’ve got your back with some great tips to keep your Facebook account (and your sanity) safe. By the time we wrap this up, you’ll be well-prepared to spot these digital fraudsters from a mile away.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
A woman scrolling on Facebook (Kurt “CyberGuy” Knutsson)
A real-life Facebook scam story
Before we dive in, let me share a recent email I received from Cheryl in Buna, Texas. Her experience highlights just how sneaky these scammers can be:
“I had a hacker tell me, posing as a friend, that they received another friend request from me on Facebook. The hacker then, posing as a friend, told me they had had this problem and gave me a contact number for the Facebook official who had helped them. I called the number, but the hacker had limited information about me because a red flag was raised eventually. The hacker got access to my email, which I’ve had for 20 years, and had all kinds of confidential information in it.”
Cheryl’s story is a perfect example of how these scams can unfold. Let’s break it down and learn how to protect ourselves.
Friend Request on Facebook (Kurt “CyberGuy” Knutsson)
SCAMMERS EXPLOIT GRIEF WITH FAKE FUNERAL STREAMING ON FACEBOOK
The cloned account ruse
Scammers frequently initiate their schemes by posing as a friend through a cloned account. They may claim that they have received a duplicate friend request from you, creating the illusion that your account has been compromised. This tactic is designed to instill a sense of urgency and panic, prompting you to act without thinking.
In Cheryl’s case, the scammer, masquerading as her friend via a cloned account, provided a phone number for a supposed “Facebook official.” This is a classic maneuver intended to gain your trust and lower your defenses. The scammer provided the phone number as part of a deceptive strategy, claiming it was for a “Facebook official” who could help resolve an alleged security issue with Cheryl’s account.
This tactic creates urgency and trust, prompting victims to act quickly without verifying the information. Cheryl called the number because she felt compelled to address what she believed was a serious issue regarding her account security. Scammers often exploit such feelings of urgency, making victims more likely to engage without proper caution. It’s crucial to remember that Facebook will never ask you to call a number for assistance with your account.
When Cheryl called the number, the scammer attempted to extract personal information from her. Fortunately, she recognized some red flags and remained cautious. However, the hacker still managed to access her email, which contained years of sensitive information. Always be vigilant when receiving unexpected friend requests or messages from friends because they may not be who they claim to be.
Double-check before accepting
When faced with such a request, follow these steps:
- Don’t accept immediately: Resist the urge to automatically approve the request, even if it appears to be from a close friend or family member.
- Contact the person directly: Reach out to your friend through a different communication channel, such as a phone call, text message, or email, to verify if they’ve actually sent you a new friend request.
- Compare profiles: If possible, compare the new profile with the existing one. Look for discrepancies in photos, information or recent activity.
- Check mutual friends: A cloned account is unlikely to have the same mutual friends as the original profile.
Potential risks
If you accept a friend request from a cloned account, the scammer may:
- Send malicious links or attachments
- Request money or personal information under false pretenses
- Exploit your trust to scam others in your network
Reporting suspicious activity
If you confirm that the request is from a cloned account:
- Report the fake profile to Facebook immediately
- Inform your friend about the cloned account
- Alert your mutual friends to be cautious of any suspicious requests or messages
Image of Facebook app (Kurt “CyberGuy” Knutsson)
CLONED ON FACEBOOK? HERE’S HOW TO TAKE BACK CONTROL
Getting back on track
Recovering compromised Facebook accounts can be a hassle. Cheryl mentioned in her email to us that it took her a while to regain access to her Facebook and email. This is often the case, as scammers may change login information or enable two-factor authentication to lock you out. However, I have a step-by-step guide on how to recover a hacked Facebook account.
Once you’ve recovered your Facebook account, I recommend that you make it private and add two-factor authentication. Here’s how you can go about that process.
Image of Facbook login page (Kurt “CyberGuy” Knutsson)
HOW TO REMOVE FACEBOOK ACCESS TO YOUR PHOTOS
How to spot Facebook scams
To avoid falling victim to these scams, keep an eye out for these red flags:
1. Generic greetings in messages: Legitimate Facebook communications will address you by name. If you receive a message starting with “Dear User” or “Hello Facebook Member,” it’s likely a scam.
2. Vague claims of suspicious account activity: Scammers often use vague language about account violations or suspicious activity without providing specific details. Real Facebook notifications would include more precise information.
3. Requests for personal information via email or text: Facebook will never ask for your password or sensitive personal information through unsolicited messages. Any such request is a clear sign of a scam.
4. Demands for payment to recover an account: Facebook doesn’t charge for account recovery. If you’re asked to pay a fee to regain access to your account, it’s definitely a scam.
5. Threatening language or messages with poor grammar: Scammers often use urgent or threatening language to pressure you into action. Additionally, legitimate Facebook communications are professionally written, so poor grammar or spelling errors are red flags.
6. Links to websites not associated with Facebook: Be wary of links that don’t lead to official Facebook domains. Hover over links to check their destination before clicking, and avoid clicking on any link that seems suspicious or unfamiliar. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.
WHAT IS ARTIFICIAL INTELLIGENCE (AI)?
Steps to protect yourself from social media scammers
Here are some steps you need to be aware of so that you can protect yourself from social media scammers.
Beware of friend requests from familiar faces with whom you are already connected: These requests may be from scammers who are trying to impersonate your real friends and trick you in some way. Before you accept any friend request, always check the profile and compare it with the one you already have.
Have strong passwords: Using the same password across multiple platforms will always make you more vulnerable because if one account gets hacked, they all get hacked. Consider using a password manager to generate and store complex passwords for your social media accounts. A password manager will also help you keep track of all your passwords.
Evaluate the source of the link before clicking it: If it is an unknown website or news source, be cautious. Scammers may use phishing links in DMs, emails, posts or text messages to infect your device with malware or capture your login credentials.
Install strong antivirus software: Having reliable antivirus software is crucial. If a cloned friend sends you a link, your antivirus can help prevent malware infections by scanning links and files before you click on them. This added layer of protection can alert you to potential threats, ensuring your device remains secure.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.
Be careful of anyone asking you for money, even if they claim to be a friend or family member: Scammers may try to impersonate someone you know to trick you into sending them money or personal information.
Closely evaluate sensational claims such as for a cure or treatment, a great prize or gift card or a job offer that sounds too good to be true. Scammers may use these tactics to lure you into giving them your personal information or paying them a fee.
Watch out for posts with poor spelling and grammatical mistakes: These may indicate that the post is not from a legitimate source.
Watch out for sparse profiles: Scammers often create sparse profiles to impersonate someone else or to lure you into giving them information. They may use a photo of a celebrity, a friend or a stranger that they found online. They may also use a name that sounds familiar or appealing. However, if you look closely at their profile, you will notice that they have no other details or activity on their social media.
Limit what you share about yourself online: Scammers may use your personal details, photos and videos to create fake social media accounts and impersonate you. Scammers can also use this information to steal your identity or access your online accounts.
Report fake social media accounts whenever you find them: if you suspect a fake account, report it to the social media platform and warn your friends about it. You can also block or unfriend people who send you suspicious messages or requests.
Remove your personal information from the internet: This is crucial because Facebook scammers often use publicly available information to make their schemes more convincing. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet.
By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with the information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here.
WARNING OVER NEW FACEBOOK AND APPLE EMAIL SCAMS DUELING FOR YOUR ATTENTION
If you suspect you’re a victim of a social media scammer
If you suspect you’re a victim of a social media scammer, you need to take urgent action immediately. Here are some immediate steps to take:
Secure your account: Immediately change your password to lock potential hackers out. If you’re locked out of your account, contact Facebook’s support immediately to recover it.
Inform your contacts: Alert friends and family so they’re aware and won’t be duped by messages or requests coming from your compromised account.
Monitor account activities: Keep an eye on your active sessions, messages sent and any changes made to your account. Any unfamiliar activity should be reported and reversed.
Seek expert help: If you believe your personal information, such as financial data or other sensitive details, has been compromised, consider reaching out to cybersecurity professionals or services that can guide you on further recovery and protection steps.
Use identity theft protection: Social media scammers are constantly looking for ways to steal your personal info and use it for their own benefit. They may send you phishing emails, fake friend requests or malicious links that can compromise your online security.
Theft protection companies can monitor personal information like your home title, Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.
Kurt’s key takeaways
Remember, Facebook and other legitimate organizations will never ask for your password or personal information through unsolicited messages. If you’re ever in doubt, contact Facebook directly through its official help center. By staying informed and skeptical, you can keep your Facebook experience fun and scam-free. Always verify before you trust, use official channels for support and keep your personal info under wraps.
What experiences have you had with Facebook scams, and how did you handle them? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you’d like us to cover
Follow Kurt on his social channels
Answers to the most asked CyberGuy questions:
New from Kurt:
Copyright 2024 CyberGuy.com. All rights reserved.
Amazon’s rolling out a free software update for Echo Hub devices that gives the home screen a much-needed update to the interface it launched with in 2024. It had already added Alex Plus AI support, but the new interface has a cleaner, fully customizable layout that fits more smart home info and controls on the screen than the previous version.
The Echo Hub is also getting access to Ring AI’s Video Search feature that lets you use natural language to search through your smart home camera footage, as well as Alexa Plus summaries of detected camera events.
These are the five new features Amazon highlighted for the Echo Hub:
Organize by r …
Read the full story at The Verge.
NEWYou can now listen to Fox News articles!
The FBI calls it a “distress scam.” It is also known as a grandparent scam. The scam works by making an older adult believe a grandchild is in serious trouble and needs money right away, often before a court date or legal deadline. Victims reported more than $5 million in losses to this type of fraud in 2025. The FBI’s Internet Crime Complaint Center also noted that reported losses likely show only part of what scammers actually stole.
The Federal Trade Commission found in August 2025 that some of the fastest-growing scams targeting older adults use fear and urgency to override good judgment. A caller may claim your bank account was hacked and say you need to move your money immediately to protect it. However, the money does not move to safety. It goes straight to the scammer.
HOW TO HAND OFF DATA PRIVACY RESPONSIBILITIES FOR OLDER ADULTS TO A TRUSTED LOVED ONE
AI voice-cloning tools have made these scams even more convincing. Scammers can use a birthday video, voicemail or social media clip to mimic a grandchild’s voice. Then they place the call. The voice sounds familiar, the emergency feels real and the request for bail money seems urgent. The FBI counted $352 million in AI-related scam losses among victims 60 and older this past year.
Join CyberGuy Live: Lock Down Your Phone in 30 Minutes (This Saturday, June 13, 10 am ET)
- Your phone holds your email, passwords, photos, banking apps and personal data. In this free, live online class, Kurt the CyberGuy will walk you step by step through simple phone security fixes you can do in real time. You’ll learn how to improve your privacy settings, spot the latest phone scams, use trusted security tools and walk away with a simple checklist to stay protected. Register here: CyberGuyLive.com
Scammers are using stolen personal data, AI voice cloning and urgent phone calls to trick grandparents into sending money. (ljubaphoto/Getty Images)
What makes grandparents worth targeting
The same three pieces of data are required for identity verification at most banks, brokerages, pension recordkeepers, and Medicare: date of birth, last four digits of a Social Security number, and a current mailing address. For most people in their sixties and seventies, all of those accounts are open.
Those three fields have turned up in breach after breach. The Conduent Business Services breach pulled names, SSNs, dates of birth, and home addresses for more than 25 million Americans from systems that process Medicaid records and employer health plans. Texas Attorney General Ken Paxton called it the largest data breach in U.S. history in February 2026.
Americans between 65 and 74 held a median net worth of $409,900 in 2022, according to the Federal Reserve’s Survey of Consumer Finances, more than ten times the median for adults under 35. The FBI found average losses of approximately $38,500 per victim among Americans 60 and older in 2025, nearly double the figure for younger filers.
Why elder fraud losses are often underreported
Older adults reported $2.4 billion in fraud losses to the Federal Trade Commission in 2024. However, the FTC’s December 2025 report to Congress estimated that real losses may have reached $81.5 billion that year. Most cases likely went unreported.
That gap makes identity theft harder to stop. A fraudulent wire from a pension account may never alert a bank. A new credit account opened with stolen information may not reach the victim until it appears on a credit report. By then, weeks may have passed since the application was approved.
Account protections worth setting up
Scammers move fast, so it helps to set up account protections before anything goes wrong. These steps can give banks, brokerage firms and family members more ways to spot trouble early.
1) Add a trusted contact to brokerage accounts
Brokerage accounts have a protection option many account holders never activate: a trusted contact designation. Under FINRA Rule 4512, brokerage firms must ask for a trusted contact when you open or update an account. A trusted contact can be a family member, attorney or accountant. The firm can contact that person if it suspects financial exploitation or cannot reach you. However, that person cannot trade, withdraw funds or view your account balances. FINRA, the SEC and the North American Securities Administrators Association asked investors in August 2025 to contact their firm and add one. You can name more than one trusted contact. You can also change the designation at any time.
SOCIAL SECURITY ADMINISTRATION PHISHING SCAM TARGETS RETIREES
Families can help protect older adults by adding trusted contacts, verifying urgent calls and blocking online Social Security changes. (Kurt “CyberGuy” Knutsson)
2) Ask about holds on suspicious withdrawals
Under FINRA Rule 2165, brokerage firms can place a temporary hold on disbursements when they reasonably believe financial exploitation may be happening. That hold can last up to 55 business days. In January 2026, FINRA proposed extending the window to 145 business days. Ask any firm holding a pension, brokerage or annuity account about its policy on disbursements after an address change.
3) Verify urgent calls before sending money
When a caller claims a grandchild is in trouble or a federal agent needs immediate action, hang up. Then call back using a number you already have, not the number in the message. The FTC found that 41% of older adults who reported losing $10,000 or more to impersonation scams in 2024 said a phone call was the initial point of contact. That makes one simple habit especially important: verify the story before you act.
4) Block online changes to Social Security
Social Security lets you block electronic and automated telephone access to your account record. Once blocked, no one can change your direct deposit information or mailing address online or through the automated phone system. After that, any changes must go through a live SSA representative at 1-800-772-1213 or a field office visit. FINRA also operates a free Securities Helpline for Seniors at 844-574-3577, Monday through Friday, 9 a.m. to 5 p.m. ET.
Identity theft recovery is harder on your own
Even strong account protections may not catch every scam attempt. That is why identity theft monitoring and recovery support can help families respond faster when personal information gets exposed or misused.
Some identity theft protection services monitor dark web marketplaces, data broker sites and people-search sites for exposed Social Security numbers, addresses and other personal information. If fraud happens, recovery support may help contact creditors, file disputes with the three credit bureaus and organize the documentation needed to restore an identity.
OUTSMART HACKERS WHO ARE OUT TO STEAL YOUR IDENTITY
Older Americans remain prime targets for identity theft because scammers can exploit exposed Social Security numbers, birth dates and addresses. (Kurt “CyberGuy” Knutsson)
Some plans also include identity theft insurance for eligible recovery costs, such as lost wages and legal fees.
No service prevents every misuse of an older adult’s identity. However, family monitoring and fraud resolution can shorten the time between when theft happens and when you or someone in your family acts on it.
See my tips and best picks on Best Identity Theft Protection at Cyberguy.com
Kurt’s key takeaways
Grandparents have become a prime target because scammers know where the money is and how to create panic fast. A familiar voice, a stolen Social Security number or a fake emergency can turn one phone call into a devastating loss. The best defense starts before the call comes. Add trusted contacts to financial accounts, block online Social Security changes, verify urgent requests through a number you already know and talk openly with family about scam warning signs. Identity theft protection can also help spot exposed personal information and speed up recovery if fraud happens. No family can stop every scam attempt. However, a simple plan can give older adults more time, more backup and a better chance of keeping their money safe.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Is enough being done to stop scammers from using AI voices and stolen data to target grandparents? Let us know by writing to us at Cyberguy.com
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Technology
A warrantless wiretap law is about to expire — but surveillance networks aren’t actually ‘going dark’
Congress has failed to pass a three-week extension of Section 702 of the Foreign Intelligence Surveillance Act (FISA), with the House voting 218-198 against reauthorizing the controversial warrantless wiretapping authority through July 2nd. After a short-term extension earlier this year, the spying program now appears set to lapse for at least a week. This is the nightmare scenario FISA’s proponents have been warning about — but it doesn’t actually mean the US has lost its surveillance capabilities.
Proponents of a clean extension claim a lapse will hinder intelligence agencies’ efforts to thwart potential terrorist attacks, with surveillance networks “going dark”. Sen. Tom Cotton (R-AR) stressed the importance of reauthorizing Section 702 ahead of the World Cup. House Speaker Mike Johnson (R-LA) has said even a brief lapse would be disastrous. “Democrats in the Senate are playing political games right now with the lives of Americans,” he told reporters Wednesday. “It’s a very dangerous situation.”
In March, the FISA court recertified surveillance under Section 702 until 2027. The Brennan Center for Justice notes that a lapse won’t allow telecom companies to flout requests to hand over communications information to the NSA and other spy agencies. In 2008, after Yahoo failed to comply with a Section 702 request during a lapse, the FISA court ruled that the directives issued under Section 702 are effective while the certification is in place — even in the event of a lapse.
“The phrase ‘going dark’ is significantly misleading,” Andrea Sawka Fiegl, the senior policy director for media and technology at Common Cause, said on a Tuesday press call. Fiegl added that companies don’t choose whether they participate in surveillance under Section 702. If they don’t comply after being served with a directive, they face fines starting at $250,000 a day.
“The ‘going dark’ framing is basically a pressure tactic designed to strip Congress of its leverage to negotiate reforms by creating this false binary,” Fiegl said. “There is ample time for Congress to consider and pass reforms.”
Among those reforms are a warrant requirement for queries involving US persons, including so-called “backdoor searches” in which intelligence agencies identify a foreign target with ties to a US person, and then search that person’s communications, thus granting them access to their desired US target. Reformers also want to prohibit intelligence agencies from buying Americans’ data from private brokers to get around warrant requirements.
“Every day that Section 702 is in effect without reforms is a day that Americans’ rights are under threat,” Sen. Ron Wyden (D-OR) said in a statement Wednesday night, after Senate Republicans blocked his request for a five-week extension of Section 702 with new transparency requirements. “If there is going to be an extension of these authorities, there needs to be some guardrails or at least some transparency that would allow Congress and the American people to understand the abuses that have taken place and the need for reforms.”
Though President Donald Trump and Republican leaders in both chambers have called for a clean reauthorization of Section 702, there’s bipartisan appetite for reform — and a handful of Republican holdouts stand in the way of a clean reauthorization. Most Democrats — even some who have supported reauthorization in the past — have objected to a clean extension due to Trump’s appointment of Bill Pulte as acting director of national intelligence.
-
Alaska2 minutes agoAlaska election official threatens to disqualify challenger Dan J. Sullivan in race against Sen. Dan Sullivan | CNN Politics
-
Arizona5 minutes agoWhy test result from bomb scare at Arizona Supreme Court changed later
-
Arkansas10 minutes agoROBERT STEINBUCH: No old taxes | Arkansas Democrat Gazette
-
California17 minutes agoAfter failed 911 calls, man’s death may be linked to California’s flawed 911 overhaul
-
Colorado20 minutes agoRecording reveals concerns over illegal activity in state’s marijuana industry
-
Connecticut25 minutes agoLIST: Where to find splash pads in Connecticut this summer
-
Delaware32 minutes agoCity of Wilmington moves forward with evicting homeless park residents
-
Florida35 minutes ago21-year-old motorcyclist from Fernandina Beach killed in crash on A1A
