I started getting notes from my Facebook friends and family that I had apparently sent them a friend request. Obviously if I’m already friends, why would I send a friend request? Something is fishy.
It’s not a hack, but it is a bit of bot-driven social engineering. What they do is copy your profile photo, your name and sometimes other publicly visible details, and then they start going through your friends list and sending friend requests. I actually friended one of these because I have a friend who is a little loopy and I figured she had just created a new account. It’s reasonable, and it works.
But why? What does a bot have to gain by being friends with your friends? The simple answer: access.
Facebook works on the six degrees of Kevin Bacon principle of privacy. That is, if I’m friends with you, I get to see your private notes that only friends get to see. And I get to see stuff about your friends too. Sometimes I get to see a LOT of stuff, like your birthday (“it’s so-and-so’s birthday today!”) which can be used as part of a broader profile that the bots can be building on you.
The entire Cambridge Analytica “breach” that influenced the 2016 election was categorically not a breach. It was a survey that people took, and in the process, they gave up information about themselves, including their friends. Knowing your friends and knowing a bit about you means I might be able to leverage your politics against you, or I might be able to trick you into trusting a brand or buying something…
And it’s all perfectly within the Facebook guidelines that you reveal a bit more about yourself as you add friends, so it makes perfect sense that this social engineering is happening – friend me! You know me!
And once you do it, the bot now knows you.