“Did you send me a friend request?”

“No—we’re already friends.”

“Well, someone with your name sent me a friend request.”

I’ve been seeing this conversation on Facebook a lot lately. Sometimes it’s followed by announcements along the lines of, “I’ve been hacked!” with varying degrees of panic and outrage. Here’s what’s really happening:

Most people (and keep in mind that there are more than a billion of them) on Facebook don’t change their default privacy or account settings. This means that their email address is visible to their friends and friends of friends. If your business is delivering spam email, this is irresistible.

These spammers find a profile and set up a new profile with the same name and profile picture (remember, your profile picture is always public). Then, they send friend requests to all your friends, and presto! They have access to the email addresses of anyone who accepts.

It’s important to note here that your account has not been hacked. There is nothing wrong with your account. That said, if you’re using an insecure password, shame on you. But there’s no need to panic. There are, however, some steps you need to take.

Even if you have not experienced the above, you should do steps 3 and 4 to prevent it from happening.

Also, don’t bother trying to do any of this from a mobile device. Use a computer.

1. Change your profile picture

  • In the upper-left corner (next to your profile picture), click Edit Profile
  • Point at the little camera in the lower-left corner of your profile picture
  • Click Update Profile Picture

2. Report the fake profile

  • Type your name into the search box at the top of the page
  • Click See more results for “your name here”
  • Click People
  • Find the profile with your name and picture and click the name
  • Click the gear icon next to Message in the cover image (the big picture at the top)
  • Click Report
  • Click Report this account
  • Click This timeline is pretending to be me or someone I know
  • Click the appropriate buttons on the following screens until you get to Report

In my experience, these reports are acted on quickly; the fake profile is generally removed within a couple of hours, often sooner.

3. Adjust your privacy settings

  • Click the down arrow in the very upper-right corner
  • Select Settings
  • Click Privacy (on the left)
  • Pay attention to anything that’s not Friends. You probably want some of these to be Friends of Friends, but if you’ve never adjusted the default settings, there are likely changes you’ll want to make.

4. Hide your Friends list

  • Go to your own profile page (click your name next to your profile picture in the upper-left corner)
  • Click Friends (underneath the big cover photo)
  • Click the little pencil icon on the right towards the top of the screen
  • Select Edit Privacy
  • Set each option to either Friends or Only Me (if the former, be sure to never accept a friend request from…yourself)

If you want to be really safe, you should also take your real email address out of your profile and just use the Facebook one.

Now, back to browsing baby animal pictures…