Cyber criminals have found a new way to steal from you. They’re hacking Facebook profiles to con users’ friends.

Here’s how it works:

An impostor gets into your Facebook account and sends your friends a shocking message. “Joe had a heart attack in Grenada!!!” Or, “Amy is in jail in Mexico!!!” The variations are endless, but almost always involve multiple exclamation marks. And, of course, it seems plausible, because the crook knows you that you really are on vacation. Because you shared the fact on Facebook.

This sort of scam usually addresses the recipient by name (because the crook has accessed your Facebook account which includes all your friends’ names) and the usual ‘ask’ is (US)$1,000.

For the crooks, it’s a numbers game. They’ve learned that a certain percentage of your friends will always send money first and ask questions later if they think you’re really in trouble.

But it pays to realize that this kind of scam can be perpetrated without hacking Facebook. The baddies have been doing it via e-mail for quite some time, now.

All that’s needed is a copy of a multi-address e-mail from you to all your friends. The crooks particularly like it when you really are going on a holiday. That makes it harder for your friends to check with you or your loved ones to see if the alarming message from the crooks is real or not.

Crooks can then send separate messages that appear to be from you to everyone on the multi-address list (they have ways of faking the sending address to look like it’s from you) and ask them all — ‘urgently’ — for money in your name.