Different platforms have different rules, so it is hard to say when you need the process, but once you start collecting clones, you're probably there!

That's it exactly, Denise. You're a pro!

I assume they're all scammers when they reach out. And I check before replying, if I actually reply.

Denise - you're right, and I considered using the term spoofing in this article, but decided against it as that often involves email and domain names and all sorts of more complicated concepts than what these fakes are doing. These are very easy for them to generate and don't require much effort on their part at all. Since they never actually access your account, 2 factor authentication won't help - but it is DEFINITELY always a good idea. You're a good friend for reporting those.

I know what you mean about them disappearing. Usually that's a good thing: someone reported them and they got banned. But they can be back in a heartbeat, especially if they're using a bot to generate the attack.

BTW - there's something dark magic related to the 10k mark on Instagram. It isn't just that you can verify at that stage, it's that there are bots that start generating massive attacks at that stage. I'd heard it, but now I've actually seen it happen to a few people. One client I know fell into a very clever social engineering scheme that triggered once he hit 10k followers. Being very very cautious about people who reach out to you on Instagram is IMPORTANT.

Of course this makes life complicated for those of us who use social media for marketing. You have to assume - and hope - that people you are reaching out to will expect you to be a scammer, so you need to outweigh that impression. And THAT can be hard... and gets harder every day.

Identity theft is a nightmare. Hence Lori's question about having a picture with private information even in existence being a concern. She's right. And do we trust these platforms to protect and destroy the picture as soon as it is verified (as they say they will do). Cloning plays on the terror of identity theft to try and trigger a dangerous reaction.

Instagram did work quickly to take down the spoofs when I reported. It helps I have over 5k followers.

I do regularly report spoofs of friends and other accounts I follow.

Instagram won't verify until you have at least 10k followers, and then you have to jump through a few hoops if you're not using a paid account.

I was hacked once on Facebook on my personal account. That one was a pain because the hacker was allegedly working from Japan. it was back and forth with the passwords changing, but eventually I got in with a better password and then changed all of my privacy settings. I've also been spoofed there, once. Or someone said I was, but they didn't give me the URL so I could report. I couldn't find it to report.

Another great way to help prevent both is two-factor login. It's a pain, but it makes it harder.

denise

You have a thorough to do list.

I thought I'd been hacked, but it was a cloning.
I went in and changed some privacy settings. I'd already changed my password, but I needed to have a more complex one anyway, so there's that.

Several years back I had my identity stolen. That was a hot mess.

That's it exactly! We need to teach folks to type in addresses and pay attention to those addresses. It gets complicated when some browsers hide the address by default. And the prevalence of hacking/cloning confusion is the reason I wrote this. Much easier to send people to the article than keep repeating it over... and over... and over... Thanks for sharing the post!