How does this work?
You may get a message from a friend asking for help. They may say they’re locked out of their Facebook account and need a login code that Facebook has sent to you as a trusted contact. This may seem like a harmless, simple way to help a friend.
The issue is that the code that they are asking for is to access your account, not theirs. If you send it, you are giving them access to your own Facebook account. It’s important to remember that any verification code Facebook sends you is meant to protect your own account. It’s never meant to be shared with anyone.
When someone tries to log into a Facebook account from an unfamiliar location or device, Facebook will send a verification code to the account owner. This is part of its two-factor authentication process that is designed to protect your identity. Scammers can trick you into giving away this code that keeps your account secure.
If you ever get a message from someone asking for a verification code, take a moment to stop and think. Scammers rely on urgency and pressure to get what they want. The best way to handle it is to contact your friend directly through a phone call to confirm whether their request is genuine.
Fake profiles that look like your friend may message you using the same name and profile picture to trick you. Other times, your friend’s account may have already been hacked, and now the attacker is using their real profile to reach out to their contacts to scam them too. This creates a chain reaction where every hacked account is used to target more victims.
If you’ve already shared a code and think someone may have hacked your account, act immediately. First, change your Facebook password to something unique and secure, e.g. “The-77-Bus-Is-Always-Late”. When you update your password, you will be logged out of your Facebook account on all devices automatically. Next, turn on two-factor authentication to add an extra layer of protection by requiring a second code from your phone whenever someone tries to log in. Report the issue to Facebook through their support tools so they can help you recover and secure your account. Finally, warn friends and family in case the hacker tries to send them the same message. It’s best to contact people directly, tell them you have been hacked, and ask them to ignore messages received from you.
Scammers use the same approach on other platforms like WhatsApp, Instagram and even email. When an attacker gains control of someone’s account, they take advantage of the trust that person has built with their friends and family. They can then use that position to spread phishing links, deliver malware or beg for money under false pretences. Scammers use emotional manipulation and fear to pressure people into clicking, replying or sending something they shouldn’t.
Be cautious: never share a code sent to you, no matter how convincing the request might seem. Always double-check anything that feels off. In a digital world where trust can be weaponized, staying safe means staying alert.