Facebook is arguably one of the safer corners of the Internet, with fairly complex security and privacy controls. But when passwords get busted, even on Facebook, not everyone is whom they're pretending to be. Like a Nigerian scammer, posing only slightly convincingly as one of your real-life friends, trying to get you to send them a $900 wire transfer.

A former university colleague ("Evan") passed along this Facebook conversation, which he promises really happened to him. In it, a scammer takes over one of his real-world friend's accounts ("Calvin"), pretends to be stranded in London, and asks for money to get a plane ticket and pay hotel bills.

We've asked Facebook about how common these types of scams are -- one made the rounds last November -- and what they do about them. (Update: Facebook response below.) In the meantime, a friendly reminder to be skeptical on the Internet, even when you think you're talking to someone you've known for years.

Calvin: hey



Evan: holy moly. what's up man?



Calvin: i need your help urgently



Evan: yes sir



Calvin: am stuck here in london



Evan: stuck?



Calvin: yes i came here for a vacation

Calvin: on my process coming back home i was robbed inside the hotel i loged in



Evan: ok so what do you need



Calvin: can you loan me $900 to get a return ticket back home and pay my hotel bills



Evan: i think so. that really sucks



Calvin: can you loam me now



Evan: well maybe i don't know that's a lot of $



Calvin: how can you loan me?



Evan: what do you want me to do



Calvin: i want you to loan me $900

Calvin: i promise i pay you back



Evan: how do you want me to loan it to you?



Calvin: you can have the money send via western union



Evan: oh yeah that's true



Calvin: will you go and send it now



Evan: well i don't know



Calvin: you can have it send online now www.westernunion.com



Evan: damn how did you get stuck there



Calvin: i came here for a vacation and i was robbed by some gang



Evan: ok well i want to help you, since we're friends



Calvin: ok. Thanks



Evan: sure thing man

Evan: ok one question



Calvin: are you sending it now?



Evan: what was the name of our high school mascot?

Evan: hello?

Evan: cal?



Calvin: Shawnee Mission Northwest High '01



Evan: what? i know



Calvin: it seems you dont to help



Evan: what of course i do want to help



Calvin: am in a hot sits here and you asking me silly question



Evan: what is hot sits



Calvin: am dead here



Evan: i hope you die there

YOU HACKER

good luck finding someone stupid

bye now



(a few minutes later)



Evan: oh wait. i just realized what an idiot you are and its actually kind of funny



Calvin: are you not dead



Evan: who taught you english?



Calvin: my sister#



Evan: your english is bad

it does not sound like the english of someone from the us

so no one will believe you



Calvin: how can you teach me



Evan: ok i will. but you have to send me $900.



Calvin: they dont send western union here

we only receive



Evan: what country are you in?



Calvin: nigeria



Evan: i have bad news for you

many americans know about nigerians sending emails to this country to try to get money



Calvin: yes



Evan: it is a trick that we know about so we are very careful



Calvin: eeeeeeeeeeeeh



Evan: you will not find a stupid person to send you money



Calvin: i have got some



Evan: well good job

Evan: do you live in lagos or in another city?



Calvin: Lagos

how did you got to know



Evan: i am a student of the world

i would like to travel to lagos



Calvin: lagos is a place to be

to visit

so full of enjoyment

so when are you coming



Evan: why do you steal money from people?



Calvin: i need money for my college fees

but i wanna stop

i promise i will stop

but you people slave us

during the 60s



Evan: we did not have slaves in the 60s



Calvin: but you about the slave trade



Evan: yes that is true

but slaves have been illegal here for almost 150 years



Calvin: i can see that you ae a law student

why can't you become a lawyer



Evan: i will be a lawyer in 2 years when i finish school



Calvin: ok



Evan: how old are you?



Calvin: 27

i need work

i eed a god job



Evan: there are many nigerians in america

do you know anyone who has gone to another country?



Calvin: i know there many nigerian that is in america

i want to come to america

to complte my education



Evan: maybe i will visit someday

i hope you don't steal any more money

good luck finding a job



Calvin: sure.... you will love it



Evan: what is your name?



Calvin: tunde



Evan: i must go tunde

be well my friend



Calvin: cant we be friend

can you add me on your facebook friends



Evan: i am sorry, but due to the odd circumstances of our initial greeting, i must terminate this relationship. i hope you understand.



Calvin: am sorry for that evan



Evan: as am i, tunde

as am i

Update: Facebook responds. As expected, this isn't too common.

This is a very low volume attack, affecting only a small number of users, but the potential impact to an individual user is high so we're taking it very seriously.

Our team has already detected various trends in the accounts of users who have been compromised. We're using this data to quickly surface compromised accounts, ideally before the spammers have gotten very far. When we find compromised accounts or they are brought to our attention, we're working to make sure the accounts get back to their rightful owners as soon as possible.

First, we are disabling the account because, in some cases, the spammer has added a new contact email address and removed the old one. We then ask that the rightful owner to contact our user operations team via this contact form: http://www.facebook.com/help/contact.php?show_form=account_compromised.

We're reminding users to be very suspicious of anyone, even friends, who ask you over the Internet to send money. Please verify their circumstances through some other means than the web (e.g. call them or mutual friends). If you see something that looks amiss with any of your friend's accounts, please report it to us through one of the contact forms on the site.

These and other security tips can be found on our security page (http://www.facebook.com/security).