Fraudsters do not need to breach your social media account security to use your identity to defraud your friends. One of the cashless.pl. readers described such a scam to the editorial team.

See also: Adyen will handle payments for Legia Warsaw fans

You may have read in the media about criminals taking over social media accounts and sending messages to the owners' friends, for example, trying to obtain their Blik code. However, it turns out that fraud using your identity can also occur even if criminals do not know your password and have not hacked into your account. In the scenario reported to us by the reader, fraudsters create a new account for a real user using the real user's profile information and photos. They then invite the user's current friends to connect with them, some of whom are sure to accept, either because they think the person has created a new profile for some reason or because they take the invitation from someone they know without thinking twice. In this way, the fake profile gains additional credibility, as it has access to the network of real contacts of the person the fraudsters are impersonating.

The criminals then send messages from a fake profile. In the screenshots of conversations provided by the reader, the fraudsters asked her friends to remind her of their phone numbers, then claimed she was participating in an SMS competition and asked her friend to forward a message with a code, which the victim would receive shortly.

See also: Ryanair introduces Blik payments

In the case described, the interlocutor became suspicious of the story presented to him and contacted the person impersonated by the fraudsters differently. However, one can imagine various scenarios for the criminals' further actions, e.g., requesting a Blik code, clicking on a link, or transferring sensitive data.

This scheme is all the more disturbing because it can be carried out by anyone, without the need to obtain a password or hack into the account of someone whose friends are being targeted. What is more, neither password confidentiality nor multi-factor authentication will protect against it, as fraudsters create a parallel profile that they manage themselves. However, if you notice that such a profile has been created using your data, or if your friends let you know about it, you can use the 'Report Profile' option on Facebook (available by clicking on the three dots above the person's wall). After such a report, Facebook should review the profile and ultimately block it.