Facebook Account Recovery Scam

This scam uses a hacked friend's account to ask you to be a 'recovery contact' or share a code, which actually hands your own account to the scammer.

Quick verdict

Risk level: High risk
Scam type: Account takeover scam
Main red flag: A friend's message asking you to receive a code or help recover their account.
What to do first: Do not share any code. Contact your friend another way to check.

What this scam usually looks like

This scam uses a hacked friend's account to ask you to be a 'recovery contact' or share a code, which actually hands your own account to the scammer.

Example message pattern

Example pattern — not a real report
Example pattern: 'Hey, I'm locked out of my account and listed you as a trusted contact. I'm sending a code to your phone - can you send it back to help me get back in?'

This is a fictional, anonymised example used to illustrate the pattern. It is not a verified real message, and any names are used only to show how the scam typically reads.

Red flags to watch for

  • A message from a friend's account asking for a verification code
  • A claim that you are their 'trusted' or 'recovery' contact
  • A code arriving on your phone that you did not request
  • Urgent pressure to reply quickly
  • Links to a login page that is not the official platform

What to do

  • Do not share any code that arrives on your phone
  • Contact the friend through another channel to confirm
  • Turn on two-factor authentication for your account
  • Report the suspicious message to the platform

If you already clicked or replied

  • Change your password immediately from the official app
  • Log out other sessions and review login activity
  • Turn on two-factor authentication
  • Warn your contacts if your account may have messaged them

What not to do

  • Do not send verification codes to anyone
  • Do not act on urgency without verifying
  • Do not log in through links in the message

Frequently asked questions

Why would a code come to me for my friend's account?
It usually will not. A code arriving on your phone is for your own account, and sharing it lets the scammer take over your profile.

My friend really is locked out. Can't I help?
Help by confirming through another channel, but never share codes. Real recovery does not require you to read out codes sent to your phone.

How do scammers get into the friend's account first?
Often through earlier phishing. Once inside, they message the victim's friends to spread the scam using the trust between them.

What protects my account best?
Turn on two-factor authentication, use a strong unique password, and never share codes, even with people you know.

Last reviewed: June 2026

Disclaimer: This page provides educational information only to help you recognise common scam patterns. It is not legal, financial, cybersecurity, or law enforcement advice, and it does not confirm whether any specific message, company, or person is genuine or fraudulent. When in doubt, contact the official organisation directly and report concerns to your local authorities.