AI Scam SensePart of AI Sure Tech

Social media friend asks for a login code

The Friend Who Needed a Code

A message appears to come from a real social media friend asking for a login or verification code, but the account has likely been taken over.

Try this in Before You ActBack to scenarios

Scenario story

The familiar name

Andre receives a direct message from a friend he knows from a neighborhood group. The friend says she is locked out of her account and needs help receiving a verification code. A minute later, Andre gets a text with a code. The friend asks him to send it quickly because she is trying to recover her page.

The friendly pressure

The request feels harmless. The message uses the friend's profile photo, normal greeting style, and a believable excuse. When Andre hesitates, the friend says, "Please, I only have two minutes before it expires."

The clue

Andre reads the code message carefully. It says the code is for his account, not hers. He realizes that someone may be trying to log in as him while pretending to be his friend. Instead of sending the code, he contacts the friend by phone. She says her account was taken over that morning.

The prevention step

Andre reports the account, changes his password, and turns on stronger account protection. He also posts a general warning in the neighborhood group without embarrassing his friend.

Warning signs

  • A friend asks for a code sent to your phone or email.
  • The message says the code expires soon.
  • The request comes through a social media account that may be compromised.
  • The code message says it is for your account.
  • The friend avoids a phone call or outside verification.
  • The message creates friendly urgency.

Questions to ask

  • Why would someone else's account recovery code come to me?
  • Does the code message say it is for my account?
  • Can I contact this person outside social media?
  • Is this account behaving differently than usual?
  • Am I being rushed into sharing a security code?

Safer next steps

  • Never share login, reset, or verification codes.
  • Contact the friend through a known phone number or another trusted method.
  • Report the suspicious message or compromised account.
  • Change your password if you interacted with a suspicious login flow.
  • Enable multi-factor authentication and review active sessions.

What not to do

  • Do not send a code to anyone, even someone who appears to be a friend.
  • Do not click recovery links sent through direct messages.
  • Do not assume a familiar profile picture means the account is safe.
  • Do not argue with the scammer from your account.
  • Do not reuse the same password across social platforms.