💬

My Account Is Messaging People

6 minute read

Stop scam messages sent from your email, social media, or messaging account.

First moves

Do these before the deep dive

  1. Do not reply to the scam messages from the compromised account.
  2. Change the account password from a clean device.
  3. Sign out of all sessions and remove connected apps you do not recognize.
  4. Warn contacts with one calm message after the account is secure.
Words to use

Steal this sentence

My account was compromised. Please ignore any recent links, attachments, money requests, or urgent messages from me.

If your account is sending messages you did not write, the goal is to stop the attacker, warn people clearly, and check whether they used the account to reach anything else.

Do not spend the first few minutes apologizing to everyone individually. Secure the account first.

Secure The Account

Use a device you trust. If the attacker may have controlled your computer, use your phone or another device.

  1. Change the password.
  2. Turn on two-factor authentication.
  3. Sign out of all devices or sessions.
  4. Remove connected apps, browser extensions, or integrations you do not recognize.
  5. Check recovery email and phone settings.
  6. Check recent login locations.

If this is your email account, follow My Email Was Hacked next. Email is usually the highest-priority account because it can reset everything else.

Preserve A Little Evidence

Before deleting everything, capture enough information to explain what happened:

  • Screenshots of messages or posts you did not send.
  • The time they were sent.
  • Links, phone numbers, crypto addresses, payment handles, or email addresses used in the scam.
  • Any login alerts or security emails.

You do not need to become a forensic investigator. Just save the basics before cleanup.

Warn People Without Creating More Panic

Post or send one direct warning:

My account was compromised. Please ignore any recent links, attachments, money requests, or urgent messages from me. I have changed my password and secured the account.

If someone already clicked or paid, send them here: I Think I Was Scammed.

Clean Up The Account

After you have control again:

  • Delete scam posts, stories, and messages if the platform allows it.
  • Check profile details for changed phone numbers, emails, bios, links, or usernames.
  • Review scheduled posts or saved drafts.
  • Check marketplace listings, ads, business pages, and payment settings.
  • Report the compromise to the platform.

For Facebook, Instagram, TikTok, WhatsApp, Telegram, Discord, and similar apps, look for settings named Security, Privacy, Devices, Active Sessions, or Login Activity.

Check What The Attacker Was Trying To Do

Most compromised messaging accounts are used for one of these:

  • Sending fake investment links.
  • Asking contacts for emergency money.
  • Sending fake delivery, bank, or login pages.
  • Selling fake tickets, rentals, or marketplace items.
  • Asking for verification codes to take over more accounts.

That pattern tells you who might need a warning.

What To Do Next

If you reused this password anywhere else, change it there too. Start with email, banking, payment apps, Apple, Google, Microsoft, and phone carrier accounts.

If the attacker sent messages from a work account, tell your manager or IT team quickly. Early reporting is not about blame. It helps them warn coworkers before anyone else clicks.