13.01.2025 - Imagine receiving an Instagram message from a friend excitedly telling you about an investment that supposedly earned them thousands of francs in just a few hours. They even include a screenshot of their account balance as proof. Normally, you would be sceptical – but when you think the message comes from someone you know, you are more likely to trust it. That's exactly what the attackers are counting on. The latest Weekly Review explains how this scam works and why two-factor authentication (2FA) is essential.
Week 2: Identity theft on social media – What to do when your best friend suddenly starts giving you crypto tips
Last week, the NCSC recorded an increase in reports of hacked social media accounts, particularly affecting Instagram users. The attackers take over social media accounts not only to extort the owners, but primarily to exploit the trust they have built up with their followers: from the compromised accounts, they share Instagram stories advertising crypto scams.
After taking over someone's social media account, the attackers often change the email address and password linked to the account, locking the real owner out. Then the second phase of the attack begins: defrauding the owner's friends. The criminals share posts and stories advertising dubious online investment platforms, which are usually related to cryptocurrencies. To make the scam more convincing, they also use video editing or AI to create fake videos in which the actual account holder appears to confirm the supposed success. Their aim is to lure followers to phishing pages or fraudulent financial platforms.
How attackers gain access to accounts
In many cases, account owners unwittingly open the door to cybercriminals themselves. Currently, two main scams are being observed:
The "influencer competition" scam
The owner of the social media account receives a message that appears to come from a friend. In reality, that friend's account has already been taken over by criminals. The message might say, for example: "Hey, I need your help. I'm taking part in a competition – could you vote for me? I'll send you the link." The link leads to a fake login page that looks almost identical to Instagram or Facebook. Anyone who enters their details there hands them directly to the scammers.
The "I need the code" trick
Scammers pretend to be a friend of yours and tell you that they are having technical problems or have been locked out of their account. They claim they do not currently have access to their mobile phone and urgently need a security code. They then ask you to forward this code to them. In reality, the attacker has triggered the "forgot password" function in the background. The text message code you receive is in fact the key to your own account. If you pass it on, the criminals take over your profile immediately.
Once they have taken over your account, criminals often activate two-factor authentication (2FA) to lock you out permanently. The lengthy and complicated recovery processes can be extremely distressing – especially when you have to watch your identity being used to defraud your friends.
Recommendations
The National Cyber Security Centre (NCSC) strongly recommends the following measures:
- Enable two-factor authentication (2FA): This is the most important protective measure. Activate 2FA, preferably using an authenticator app rather than text message. Even if criminals obtain your password, they will not be able to access your account without the second factor.
- Store your recovery codes safely: When you set up 2FA, you will receive recovery codes. Print them out or store them securely. They are often the only way to regain access to your account if you lose your phone.
- Be careful when you click on links: Be suspicious of messages that ask you to click on a link or enter your details, even if they appear to come from friends. If in doubt, give the person a quick call.
- Be wary of "quick money" schemes: If a profile suddenly starts promoting unusual financial products, the account has most likely been compromised. Report the post to the platform and warn others, but do not interact with the account.
Current statistics
Last week's reports by category:
Last modification 13.01.2026



