Mike Brown was late to join Facebook’s swelling ranks. When he finally did, he kept his security settings high, used perfect punctuation and was careful about what he posted.

His friends couldn’t believe he would post a “very, very vulgar” pornographic picture on his Facebook profile, as he appeared to last April. As they suspected, he didn’t.

His account had been hacked.

Users of social networking sites like Twitter and Facebook are learning they are vulnerable to online bullies, who use malicious programs to snatch their identities.

Perpetrators access their accounts by figuring out passwords or by “phishing” — sending links to fake websites masquerading as trusted ones, which ask for and collect login and password information. Once they access an account, these cybervillians use the individual’s online identity to ask friends for money, promote products or just cause trouble.

On Twitter, this might mean offering followers a $500 Victoria’s Secret gift card or encouraging them to click on a link to get 100 followers. Even celebrities have been hit, including CNN’s Rick Sanchez, Britney Spears and Barack Obama, who last January unknowingly asked his followers to take a survey and win $500 in free gas.

Stephen Hockema, a professor in the faculty of information at the University of Toronto, doesn’t think people realize how valuable social networking info is to spammers. “You can target a specific group that you know has something in common,” he says.


“You can actually send a message to somebody that looks as if it’s coming from a friend. You’re much more likely to get their attention. That’s what advertisers are paying for, is attention.”

Facebook now has a list of security FAQs about these scams, including what steps to take if you’re targeted.