You are scrolling Facebook and see someone you know posting about easy crypto money.

Maybe they made “$5,000 in a week.” Maybe they are suddenly offering to help people invest. Maybe they message you directly like, “Hey, I know this sounds crazy, but this is legit.”

Except it may not be them.

Their account may have been hacked, and now the scammer is using a familiar face to make the scam feel safe.

How Facebook accounts get hacked

Most account takeovers do not happen because someone is “bad with tech.” That is the easy excuse.

Most happen because attackers are good at tricking people, and fake links are still allowed to look way too normal. Because apparently that is the internet we get.

• Fake login pages: You click a link that looks like Facebook, enter your password, and hand the scammer the keys.
• Phishing messages: Messages like “Is this you in this video?” are designed to make you click before you think.
• Password reuse: If you use the same password everywhere, one leaked password can open more than one door.
• Malicious apps or links: Some links lead to fake permissions, malware, or pages built to steal login details.
• Verification code tricks: Scammers may ask for a login code and pretend they need it to confirm something. They do not.

Once they get in, they may change the password, lock the real owner out, message friends, and post fake investment screenshots.

How crypto scams work on Facebook

After a scammer gets into an account, they use it like a trust costume.

They do not need to convince you that a random stranger is trustworthy. They are pretending to be someone you already know.

• “I made $5,000 in a week” posts
• Direct messages offering to help you invest
• Fake screenshots showing big profits
• Fake testimonials from hacked accounts
• Urgent messages like “get in now before it is too late”

The point is not to give you time to think. The point is to make the opportunity feel personal, urgent, and safe enough that you skip the part where you verify it.

What to do if a friend messages you about crypto

Do not argue with the account. Do not click around to “see what happens.” That is how people end up in the mess.

Do this instead:

• Do not click the link. Curiosity is what the scam is counting on.
• Do not send money. Not a little. Not a test amount. Nothing.
• Do not share verification codes. Those codes are for logging in, not proving friendship.
• Do not send screenshots of security alerts. They can be used against you.
• Contact the person another way. Call or text their phone outside of Facebook.
• Warn mutual friends if the account looks compromised.

A hacked profile can still look normal. That is the whole trick.

How to protect your own Facebook account

You do not need to become a cybersecurity engineer. You just need to make your account harder to steal than the next one.

• Turn on two-factor authentication. This adds a second step if someone gets your password.
• Use a strong, unique password. If you reused your Facebook password somewhere else, change it.
• Do not click suspicious links. Even if they come from people you know.
• Check login alerts. Facebook may warn you when a new device logs in.
• Review active sessions. Log out of devices or locations you do not recognize.
• Avoid public or shared devices. If you have to use one, log out fully when you are done.

What to do if you have been hacked

If your own Facebook account is compromised, act quickly. This is not the time to hope it sorts itself out because, spoiler, it probably will not.

• Try to reset your password immediately.
• Report the account issue to Facebook.
• Warn your friends not to engage with messages or posts from your account.
• Check active sessions and log out of unknown devices if you still have access.
• Scan your device for malware.
• Change reused passwords on other accounts.
• Turn on two-factor authentication after you regain access.