What would you do if your best friend's Discord got hacked?

Why this specific scenario matters

A DM from a friend's hacked account is the most common phishing vector targeting teens in 2026 — more common than fake emails, fake logins, or "free Robux" pages combined. The attack works because it bypasses every defense a teen has: the link doesn't come from a stranger, the language matches how the friend actually talks, and the urgency (9:47 PM, "before more people see") short-circuits deliberation.

The pattern behind the DM

The scammer's account didn't start as a scammer. Somewhere up the chain, Alex — or Alex's friend, or Alex's friend's friend — clicked a link and entered their Discord password on a fake page. Now the scammer has a real account with a real name and a real profile picture, and they're sending the same "omg is this u" message to every contact. When it arrives on your phone, it comes from a person you trust.

That's the whole trick. Scammers don't try to fake a friend — they hijack a real one.

What "safe" looks like in real life

• Verify through a different channel. Text Alex on iMessage, not back on Discord. A hacked account can't respond on a different platform.
• Don't click — even "just to see". Most phishing pages now include a pixel-perfect fake Discord login. One click + one typed password = compromised account.
• Warn the group. If you recognize the pattern, people who trust you might not.
• Never share a password or 2FA code after a DM prompt. Real platforms don't ask.

Read the full parent guide

If you're a parent reading this, we wrote a full guide on what to do if your teen clicked a phishing link like this: My Teen Clicked a Phishing Link — What To Do Right Now. Covers the 30-minute action plan, platform-by-platform recovery, and when to escalate to FTC or FBI IC3.