Michael Maris became an unwitting spammer.
The 22-year-old college student from Chicago received messages last year from annoyed friends on MySpace, wondering why he had used the social networking site to send them pitches for male enhancement products.
He checked his outgoing mail folder and discovered that someone had hacked into his account, then blasted the unsolicited messages to each of his 70 MySpace pals. Among the recipients were his nieces, ages 14 and 16.
"I couldn't believe that it happened," he said.
Social networking sites, which let users create detailed profile pages and connect with friends, are becoming the hot new thing for identity thieves, both amateur and professional. As improved spam filters and skeptical consumers make bogus e-mail less successful, scam artists are taking advantage of the atmosphere of trust that exists within these online circles of friends.
Symantec Corp., a tech security firm, recently reported that 91% of the bogus U.S.-based websites used in so-called phishing attacks during the second half of 2007 imitated the log-in pages of two unnamed social networking sites -- believed by industry executives to be the two biggest, MySpace and Facebook. Phishing tries to trick recipients into visiting phony websites and disclosing account numbers, passwords and other personal data.
"The bad guys are very adaptable. If something doesn't work, they come up with something new," said Kevin Haley, a product executive at Symantec. "Users feel more comfortable surrounded by their friends online -- what could be safer?"
Sometimes financial gain isn't the objective. Cyber-bullies have taken over the social networking accounts of acquaintances to post vicious rants or engage in mischief.
Frank Nein, a new-media executive in Los Angeles, is still perturbed that a man showed up at the home of his 12-year-old daughter after another girl impersonated her during MySpace chats.
Nicole Whiting, a 19-year-old nanny from Charlotte, N.C., fielded questions from friends about her new boyfriend, Patrick. They learned of the relationship on what they thought was her Facebook page.
One problem, she said: "I don't even know a Patrick."
It turned out that "some lonely guy" had copied her pictures from her MySpace page, borrowed her first name and created a Facebook profile for an imaginary girlfriend. Her problem ended after she tracked down Patrick and complained.
