Facebook disable scammers accounts but never deletes them
Few days ago, a message from Facebook popped up in my inbox, indicating I’ve just registered on Facebook.
I’m not Chloe Raff, and I’ve not created that account, and one account on Facebook is more than enough for me, but I find it funny that people keep registering with MY email address. Few moments later, I found that the email address that was used for creating this account was not a typo, but someone, probably a bot or a scammer, that typed random characters and prefixed that with a domain name I am owning.
My previous experiments with Facebook show that Facebook doesn’t require its users to verify their email address before using the social network website, but gently asks them to verify their account. I find it weird to allow account creations using fake email addresses, and I think that on 2016 everyone has (or should have) at least one email address, so the website can require email verification prior to letting the user in.
Than I’ve started getting more messages from Facebook. They notify Chloe about her new Facebook Mobile, and how she can get the most out of it, but there is only one problem — There is no Chloe here, there never was and will never be.
I had few people registering me to Facebook in the past. Few of them were probably mistaken in their own email address and I was receiving all their notifications, friend requests and activities, and the only way to notify them was using the internal messaging system of Facebook and notifying them about the typo.
I’ve got few automated notifications intended to Chloe, Facebook really interested on what’s going on with her. She most be very important to the social network, because she’s getting more notifications than me.
This time, I found it more difficult — I was unable to find the account on Facebook itself, so it is impossible to actually contact the person behind this account, and the randomly-typed email alias indicated that it is probably a fake account created to spam people, scam them, send them malware, etc. The best option is to DELETE THIS FAKE FACEBOOK ACCOUNT.
In order to deactivate Chloe’s account, I had to take it over. This is done by doing password recovery. Only the person who actually has access to the email address can recover his account, so I am the only one person on Earth that can recover her account. Few moments later, I was receiving the verification message, and was able to set up a new password on the account, so Chole, or the person pretends to be her, won’t be able to login to the account. Ever. Next step was to disable or delete the account, or this is at least what I was intended to do, because I fount it impossible.
Luckily, I’ve found that Facebook already took action and disabled this fake account, but this doesn’t stops there — I keep getting notifications intended to Chloe, even though “her” account is disabled for security reasons. So I guess I could never delete the binding between this fake account and my own domain, and if one day in the future I’d like to register for an account on Facebook using that email address (I don’t have a reason to…), I’d be unable to complete the registration.