So your friend has been hacked: Are you next?


When a ruse puts on a familiar face, your guard might drop, making you an easy mark. Learn how to tell a friend apart from a foe.

News that someone close, be it a friend, relative, or colleague, has had one of their valuable online accounts compromised is bound to trigger a mix of reactions. Concern for them comes first, naturally. But not too much later, a more self-interested question should also surface: Could I also be at risk? Yes, you might be.

How so? In our interconnected digital world, security incidents often don’t remain isolated, to the point that the ‘blast radius’ of even a single account hack could widen and hit people in the victim’s personal network. Recognizing this risk should, therefore, be part of your personal cyber-awareness toolkit.

Friend or foe? 

Maybe you’ve already received a message that ostensibly came from a close friend but felt off. Perhaps it was a plea for money out of the blue, it urged you to “look who died”, or it just read strangely throughout. In many cases, these anomalies share a common thread: impersonation, the specter of which may loom large especially after an account takeover. 

Cybercriminals know only too well that messages that appear to come from someone we know may naturally bypass our initial skepticism. They are adept at exploiting not just technical vulnerabilities, but especially some of what makes us human – including the trust inherent in our personal networks.

In other words, an attacker who can hijack someone’s WhatsApp account, email, or social media profile gains a powerful lever: established trust that lets them pivot to the victim’s contacts, all while masquerading as the victim. From this vantage point, they can coax many other people to visit phishing websites, ensnare them in all manner of scams, distribute info-stealing malware, or blast out spam across social media feeds.

Perhaps even more insidious are highly personalized attacks. Scammers don’t necessarily stop at indiscriminately blasting the contact list. By accessing someone’s account, they can gain entry into vast archives of people’s private conversations and their shared histories. This trove of personal information can be weaponized to craft bespoke scams that reference specific details from people’s lives that only someone in their circle would know. 

Consider also the peril of shared accounts or other digital spaces. Have you previously shared access to streaming services or other online tools with the person who was hacked? What if the same or similar login credentials have been used to access other digital accounts? Given our penchant for password reuse, attackers have for years been harvesting logins and using them to wrest control of accounts on other online services as part of credential-stuffing attacks.

Security thrives on layers 

So, what steps can you take when you learn someone in your circle has been compromised? First off, consider reaching out to them through other, verified channels and alert them to the situation as they may not be aware of the incident yet. All it takes is a quick phone call or a message, via a different platform, of course. 

Consider reviewing security settings on all your valuable accounts. Ensure you’re using passphrases or strong and unique passwords randomly generated by a trusted password manager. That way, no two accounts should share the same login.

Two-factor authentication is also a non-negotiable line of defense. Even if your password were to be compromised, the extra layer of authentication can keep intruders at bay, particularly if you use a hardware security key or a dedicated authenticator app.

Have you recently logged into any of your online accounts on your friend’s device? Revoke permissions for any accounts, devices, or networks tied to your friend, change the logins, review the activities on your account and keep an eye out for any suspicious activity.

Also, scrutinize your own digital habits and be mindful of your digital footprint. Consider how much personal information you share online, especially on social media. Many cybercriminals rely not only on compromised logins, but also on data gleaned from people’s public profiles to craft convincing phishing messages. A flurry of suspicious emails or other oddities involving your friend’s account could ultimately be a signal to review your own privacy and security habits.

Be skeptical of urgent messages even if they reference your personal details. Attacks are becoming increasingly sophisticated with AI-driven tools capable of mimicking voices, images and even videos, making them appear all too real. 

Understanding the cybercrime ecosystem also helps. The dark web is where stolen credentials and malware kits are typically bought and sold, enabling attackers to orchestrate impersonation scams and other intrusions more easily. Use a dark web scanning service that will alert you when your personal details turn up in the internet’s seedy underbelly so you can take action in time.

Obviously, installing reputable security software across your devices will go a long way towards keeping you safe from all manner of threats online. 

Collective awareness and security 

Finally, chances are high your relative or friend could use some help when rebuilding their digital life. While your priority may be self-protection, offering practical assistance to them once you’ve secured your own footing can be invaluable. After all, we all have a role to play in building a safer digital world.
