Two weeks ago, the Facebook.com status message for a guy named Bryan Rutberg was changed to read "BRYAN IS IN URGENT NEED OF HELP!!!" Simultaneously, his friends were e-mailed a plea for cash that said he had been robbed at gunpoint in the United Kingdom.

Bryan, of course, wasn't in the United Kingdom. He was at home in Seattle, in bed. (And even if he were in the U.K., he'd be very unlikely to be at gunpoint -- they're too hard to obtain there.) But his friends didn't know that. They thought he was really in trouble, and unable to get to a phone. A couple friends called him anyway, and Bryan realized his Facebook account had been hijacked. But when he tried to log into his page to set the record straight and warn everyone, he found that the scammers had locked him out so they could pose as him to beg for money in chats. By the time Rutberg was able to get back into his Facebook account, one of his friends (a Microsoft employee; please, no jokes) had wired $1,200 via Western Union to London.

The jig would have been up a lot earlier if only Facebook had a phone number to use to alert it to the profile hijacking. But it doesn't. Facebook forces members to use e-mail channels for privacy concerns. Rutberg had to e-mail Facebook to sound the alarm. But as we have all learned, e-mail, which is supposed to deliver quick communication, usually just encourages companies to procrastinate. Facebook's keyboard monkeys took 48 hours to shut his page down. Too late; the damage was done. To make matters worse, when Rutberg asked Facebook which of his friends had been sent e-mails containing the scam, the site refused to say. Get a court order, he was told.

The scam has been hopping around Facebook since last November. All it really takes is for someone to get ahold of your password, which they can easily do by sending you an e-mail that looks exactly like one from Facebook. You click on that, you try to log in, and then the thieves will have all they need.

I myself have had my Facebook profile hacked, but fortunately, the only damage was a Wall posting, purporting to be from me, to many of my friends, proclaiming my love for them and listing a website for them to visit. My name was merely used for spam, not for a scam, and for a while, the victims got some warm-and-fuzzies thinking of my affections.

Those of us who are on Facebook invariably have a subset of friends who simply refuse to join us. Like vegetarians or people who don't own TVs, people who aren't on Facebook are likely to brag about the fact the instant conversation swerves anywhere near the topic.

Lots of the anti-Facebookers I know cite the same concern: Privacy. If they load lots of personal information on their profiles, they reason, then they'll be open to identity breaches. But it turns out that the biggest Facebook scams don't involve skimming your personal details, but simply hijacking your friends and pulling their heartstrings.

I suppose the only way to be immune is to be unpopular. But I end with a side note to my friends: If I'm ever in trouble, I will never use Facebook to let you know.