Q On Jan. 13, I received an urgent phone call from a Facebook friend asking if I was OK and if I really needed money. While logged into Facebook, she had received an instant message from someone posing as me. She was told that I had been mugged and robbed in the United Kingdom and was asked to wire money to me because my purse had been stolen. Any questions or objections my friend raised were answered by the impostor.

I told my friend that none of this was true, then logged on to my Facebook account. There I saw live instant-message conversations going on between the impostor and several of my friends, urging them to send money. Two more friends then called to see if it was really me asking for help.

It was a unsettling experience for me and my friends. Thankfully they weren't duped, but they easily could have been.

I e-mailed Facebook customer support, and they immediately changed my password. I also asked how this could have happened with their touted security. I have not yet received a reply.

Your readers who may blithely join Facebook should be aware that there is a risk, even if you take precautions. My password would not have been easily guessed because it was not a word in the dictionary, and included four letters and four numbers. The only people in my Facebook friends list are people that I know well. I'm very careful about the websites I use.

What are the things Facebook users should or shouldn't do to minimize the risk?


A This is called a "419 scam," and has been tried on other Facebook users. The number is a section of the Nigerian legal code, a reference to a Nigerian e-mail scam that promises riches in return for a small investment.

While there's no way to know, Facebook says your account was probably attacked by someone who stole your password on one of the other websites where you said you used the same one.

"This is a very low-volume attack, affecting only a small number of users," said Facebook spokesman Simon Axten. "We're reminding users to be very suspicious of anyone, even friends, who ask for money over the Internet." Report an attack at tinyurl.com/ya6bk7p.

Axten's other security tips are:

Choose a strong password and use unique credentials for each of your Web accounts.

Use an up-to-date browser with an anti-phishing blacklist, one that blocks websites that trick people into revealing passwords.

Use anti-virus software.

Reset your Facebook password if you suspect your account has been compromised. For details, see www.facebook.com/security.

E-mail tech questions to steve.j.alexander @gmail.com, or write to Tech Q&A, 425 Portland Av., Minneapolis, MN 55488-0002. Include name, city and phone number.