Account takeover · Active · 2024–2026 · Social media

Got a strange message from a friend's account? Here's what it is.

In a nutshell
  • A real friend's account sends you a voting link, a crypto tip, or an urgent favor. The account is real. The person at the keyboard is not.
  • Their account was hijacked. Now it's being used to reach everyone who trusts them - including you.
  • Some messages try to steal your login too, so the scam jumps to your account next. Others push you toward crypto, gift cards, or a verification code.
  • If your own account was taken over, act fast - the steps below are ordered to lock the attacker out and warn your contacts.
Our verdict

This is a scam. The trusted name on the message is borrowed, not real. A hijacked account is a tool for reaching that person's whole contact list at once - which is exactly why the pitch works on people who'd ignore a stranger.


Does this sound familiar?

Someone you actually know - a friend, a cousin, a coworker - messaged you out of the blue. A contest to vote in, a money-making tip, a quick favor, or "is this you in this video?" It came from their real account, so your guard was down. Then it asked for something: a click, a code, a payment.

Below are reconstructed examples of the messages people receive once a friend's account has been taken over. The details change - the structure doesn't. (Illustrations, not real screenshots. Names, handles, and links are fictional.)

The "vote for my niece" link goes to a fake login page. Sign in and you've handed over your own account - and the scam jumps to your friends next.
Mike R. (Messenger, today 11:02): "Bro you have to see this. I pulled out $9,400 from a crypto trading program last week, totally legit. The manager is still taking a few people. Want me to connect you? You can start with like $300."
A known contact suddenly pushing a "can't-lose" crypto program is the compromised-friend variant - the same investment pitch, wrapped in a name you trust.
Jess (last seen recently, 14:38): "omg is this you in this video?? 😳 [link] also random - I'm setting up a new phone and a code got sent to your number by mistake. can you screenshot it to me? trying to verify my account 🙈"
"Is this you in this video?" is a classic credential-phishing hook. The code request is account theft - that code logs them into your account, not theirs.

The wrapper changes - a contest, a crisis, a giveaway, a job tip, a "look at this." What stays the same is that it arrives from a name you recognize and ends with a click, a code, or a payment. This pattern goes by a few names: account takeover, account hijacking, a hacked or compromised account, and on Instagram the "vote for me" or giveaway scam.


How it works

The scam runs in four phases. By the time you get the message, phases one and two have already happened to your friend - quietly, often without them noticing for days. (The screens below are illustrations of how this typically looks.)

1. The takeover
The attacker gets into one account. Usually it's a reused password exposed in an old data breach, or a phishing link the person clicked - often a "vote for my friend" or "is this you?" message sent by an account that was hijacked before theirs. Sometimes it's a stolen login code. One cracked account becomes the launch pad for the next.
[Illustration: account login from a new device. 10:24 "Sign in to continue voting" · 10:25 email + password ✓ · 10:26 ⚠ Login from a new device · Lagos]
🔑 One reused password or one phished login is all it takes to start.

2. Lock out and study
The attacker changes the password and the recovery email, and often turns on their own two-factor - so the real owner can't get back in. Then they read. Past messages show who's close, how the person writes, which friends owe favors. That homework is what makes the next message believable.
[Illustration: 🔒 Password changed. Recovery email updated. A login alert was sent to an address you no longer control. Owner locked out · Attacker reading DMs]
👀 Quiet on purpose. The longer the owner stays unaware, the more contacts get hit.

3. The message goes out to everyone
Now the account messages its contacts - sometimes hundreds at once. The ask is tuned to whatever works: vote in a contest (a link that phishes your login), a crypto tip "that worked for me," a verification code "sent to you by mistake," or an urgent favor like receiving a payment. It reads like your friend because the attacker studied your friend.
[Illustration: chat with Sarah (your friend), active now]
Sarah, 12:01: "Hey are you around? Quick favor 🙏"
You, 12:02: "sure what's up"
Sarah, 12:03: "I'm locked out of my account and the reset code went to your number by mistake. Can you send me the code? 🙈"
"It was my sister's account. Same emojis she always uses. I sent the code before I even thought about it - and then my own account was gone too." - Reconstructed from common victim reports

4. The payoff - and the spread
Whatever you give gets cashed out fast. A phished login becomes the next hijacked account, which messages the next round of contacts. A shared code locks you out of yours. Crypto or gift-card payments vanish. Some attackers also hold an account for ransom or run a fake giveaway off it. The scam is built to multiply - each victim becomes the next believable sender.
What they cash out…
  • Your login (phished) → next account
  • Verification code → your account
  • Crypto "investment" → gone
  • Gift card numbers → gone
Each compromised account becomes the bait for the next one. That's the engine.
Remember
A trusted name is not proof. The account can be borrowed.
Verify by another channel - call or text the person directly.
Never share a login code. No real person needs yours.
Turn on two-factor and use a unique password per account.
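
For platform and detection teams, the chain in phases 1 to 3 (new-device login, then password and recovery-email change, then a burst of messages to many contacts) can be matched in an account audit log. The sketch below is an added example, not part of the original page; the event names, the 24-hour window, the fan-out threshold and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical event names; map them to whatever your platform's audit log emits.
LOCKOUT = {"password_changed", "recovery_email_changed", "mfa_enrolled"}
WINDOW = timedelta(hours=24)  # assumed: lock-out and blast follow the login within a day
FANOUT = 20                   # assumed: distinct DM recipients that count as a blast

# Constructed sample events (ISO time, account, event, detail). Not real data.
EVENTS = [
    ("2026-01-10T10:26", "sarah", "login_new_device", "dev-A"),
    ("2026-01-10T10:31", "sarah", "password_changed", ""),
    ("2026-01-10T10:32", "sarah", "recovery_email_changed", ""),
    ("2026-01-10T10:40", "sarah", "mfa_enrolled", ""),
] + [("2026-01-10T12:%02d" % i, "sarah", "dm_sent", "contact%d" % i) for i in range(40)] + [
    # Benign: owner gets a new phone, rotates the password, messages two people.
    ("2026-01-11T09:00", "mike", "login_new_device", "dev-B"),
    ("2026-01-11T09:05", "mike", "password_changed", ""),
    ("2026-01-11T09:30", "mike", "dm_sent", "jess"),
    ("2026-01-11T09:31", "mike", "dm_sent", "sarah"),
]

def detect_takeovers(events):
    """Return {account: finding} for accounts matching the takeover chain."""
    by_account = defaultdict(list)
    for ts, account, event, detail in events:
        by_account[account].append((datetime.fromisoformat(ts), event, detail))
    findings = {}
    for account, rows in by_account.items():
        rows.sort()
        for start, event, _ in rows:
            if event != "login_new_device":
                continue
            after = [r for r in rows if start < r[0] <= start + WINDOW]
            changes = {e for _, e, _ in after if e in LOCKOUT}
            recipients = {d for _, e, d in after if e == "dm_sent"}
            # Phase 2: credential AND recovery change. Phase 3: message fan-out.
            locked = {"password_changed", "recovery_email_changed"} <= changes
            if locked and len(recipients) >= FANOUT:
                findings[account] = {"login": start.isoformat(),
                                     "changes": sorted(changes),
                                     "recipients": len(recipients)}
                break
    return findings

if __name__ == "__main__":
    print(detect_takeovers(EVENTS))
```

Requiring both the lock-out changes and the fan-out keeps an ordinary phone upgrade (the "mike" events) from alerting; a production rule would tune both thresholds against real traffic.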

Red flags to catch it early

None of these alone is proof. Several together means stop and verify.

A link with a login screen

Voting contests, "is this you?", prize claims - if the link asks you to sign in with your social or email password, it's harvesting it.

"Vote for my niece, just sign in: vote-finalists2026[.]com"

A request for a verification code

"A code went to your number by mistake, can you send it?" That code logs them into your account. Never forward it - not even to a friend.

A sudden pivot to money

A friend who never talks crypto now has a "manager" and a guaranteed return. Or needs you to receive a payment, buy gift cards, or send a few hundred dollars.

Urgency and secrecy

"Right now," "don't tell anyone," "I'm in a hurry." Pressure is there to stop you picking up the phone to check.

It reads slightly off

Odd phrasing, a greeting they'd never use, refusing to hop on a quick call or voice note. The story is right but the texture is wrong.

Friends say you sent something you didn't

If people reply to messages you never wrote, or you get a login alert from a place you've never been, your account may already be the one sending the bait.


Account hijacked, or you clicked the link?

If your account was taken over

Lock it down, warn people, then report

Speed matters. The faster you move, the less the attacker can do with your name.

1. Try to log in and change your password now
If you still have access, change the password to something unique and sign out all other sessions. Then turn on two-factor authentication if it isn't already on.

2. If you're locked out, use the platform's account-recovery flow
Facebook, Instagram, and others have official "I can't access my account" / "my account was hacked" recovery pages. Start there. Check whether the recovery email and phone number were changed and reclaim them.

3. Warn your contacts on another channel
Post or message from a different account, or text people directly: "My account was hacked - ignore any messages asking for codes, votes, or money." This stops the spread to your friends.

4. Change the password anywhere you reused it
If that password was on your email or bank too, change those immediately. Reused passwords are how one breach becomes many. A password manager makes unique passwords manageable.

5. If you shared personal or financial information, treat it as exposed
Sent a code, entered card details, or shared your ID? In the US, get a recovery plan at IdentityTheft.gov and consider freezing your credit. Watch your accounts for unfamiliar activity.

6. Ignore anyone who offers to "recover your account" for a fee
People who've been hacked are quickly targeted by a follow-up money recovery scam - a second fraud charging upfront to "restore" your account or funds. No legitimate service works that way.

Where to report it


How big is this problem?

Social media is where a growing share of fraud now starts - and account hijacking is part of why. When a scam arrives from a real account, it borrows that person's trust. The FTC notes scammers "might hack into your account to scam your friends," alongside fake profiles and ads. [1]

  • $2.1B: Reported lost to scams that started on social media in 2025 - about eight times the 2020 figure [1]
  • ~28%: Of 2025 fraud loss reports that named a contact method said the scam started on social media [1]
  • $261M → $2.1B: Reported social media scam losses climbed every year from 2020 to 2025 [1]
  • ~4.8%: Estimated share of mass-market fraud victims who ever report it - real losses are far higher than official totals [1]

People reported losing more money to scams that started on Facebook than on any other platform in 2025, with WhatsApp and Instagram next. [1] Account takeover sits underneath several of those losses: a hijacked account is the delivery system for investment pitches, phishing links, and "send me a code" requests that then take over the next account.

The mechanics are old and reliable. Many takeovers begin with a password exposed in a past breach and reused elsewhere, or with a phishing link that captures a login - which is why the FTC's standing advice is to confirm any "problem with your account" message by contacting the company through a channel you already trust, and never to click links in unexpected messages. [2] Two defenses blunt most of it: a unique password on every account, and two-factor authentication turned on. [3]

Sources
  1. Federal Trade Commission, Consumer Sentinel data spotlight, "Reported losses to scams on social media eight times higher than in 2020", April 2026. Source of the loss totals, year-over-year trajectory, contact-method share, platform breakdown, and the under-reporting estimate.
  2. Federal Trade Commission, "Don't take the bait on phishing scams", September 2024. Phishing and account-suspension mechanics, and the "verify through a trusted channel, don't click links" guidance.
  3. Federal Trade Commission, "How to recognize and avoid phishing scams". Credential-phishing tactics and protective steps (unique passwords, two-factor authentication).
Researched and maintained by ScamChecker.online

We document recurring online scam patterns using primary sources - government agencies, law enforcement, and security researchers. We do not accuse named businesses, and ads on this page do not influence our reporting. Read about how we research or who we are.

Last verified: June 2026 · Reviewed against current FTC guidance