Status update: 'I've been hacked'

Recently, for instance, when Fenton the runaway labrador retriever became a YouTube hit, Clive waited until a week after the clip's popularity had spiked, then hacked a friend's Facebook account and posted the status update, "Fenton!", to make this friend seem like a lame, belated bandwagon-jumper. When Facebook Places allowed users to tag their friends in certain locations, Clive began falsely placing his Facebook fraternity at incongruous and/or embarrassing venues. As an act of revenge, one of his victims then tagged Clive at a strip club, Spearmint Rhino, which Clive happened not to have attended on the evening in question, though he is a regular. (Just a bit of banter, Clive!)

This sort of thing is known colloquially as "Frape", or "Facebook-rape". For reasons of taste, I'll simply refer to it as "hacking" for the remainder of this article – but it is certainly a form of violation, however minor.

Facebook has allowed us to curate our lives and our personalities for public view. Most of us are meticulous in our editing: we de-tag unflattering photographs, take time composing each status update and choose our "likes" or our "groups" with one eye on posterity, thus presenting to the world our ideal selves. If your Facebook account is hacked, the incident isn't over in a moment, like most practical jokes. It requires post-prank damage control: you may have to write a delicately worded apology to certain friends or family members. It could make Christmas very awkward.

In an astonishing act of betrayal, the girlfriend of a friend of mine – let's call her Belinda (it's Jess) – opened my friend's laptop to find that he was still logged into Facebook, and "liked" a series of celebrities he had recently professed to hate: Cheryl Cole, Jamie Oliver, Professor Brian Cox. How anyone could hate Professor Brian Cox is a mystery, but then, not everybody wants to broadcast their physics man-crush to the web. Finally, as my oblivious friend (who preferred to remain anonymous) finished a lengthy rant about the awfulness of a television commercial for the parcel-delivery firm UPS, Belinda "liked" UPS and wrote a status update under his name: "I'm loving the new UPS ad!"

To their credit, Clive and Belinda's attacks are smarter, and funnier, than those of the average Facebook hacker. Most of the hacks I was told about, after I invited my Facebook friends to relate their sorry tales, involved young men hijacking other young men's accounts. Unable to think of any mature jokes, they mostly made crude announcements on behalf of their victims, claiming they were now gay and open to offers. When my brother's account was infiltrated and his status updated to "I've come out of the closet, and it feels so gooooooood!!! [sic]", a friend of ours spent a fortnight working up the courage to ask whether it was true. (It was not – but, if it was, I would be totally cool with that.)

In some cases, a lewd status update could cause genuine long-term harm, not least to a person's career. Think of those stories of Facebook users whose employers have sacked them for their inappropriate party pictures and then imagine the potential effects of an inappropriate status update.

Similarly, a company's image can take a hit if its carefully monitored social-media activities are disrupted by an errant employee in possession of the correct password. Last year, Vodafone fired a fellow who posted an obscene tweet on its official Twitter feed. This year, a hijacker on Fox News's feed falsely reported that Barack Obama was dead. In October, hackers gained access to the Twitter account of the Thai Prime Minister and posted criticisms about her handling of the county's devastating floods.

Of course, these crimes are rarely, if ever, defensible. But sometimes they can be gratifying. Last week, one particular Facebook hack was shared widely on Twitter. The status update, from the victim, explains that he fled from a taxi after refusing to pay the fare: "I forgot my phone in the cab. And now [the] cab driver is teaching me a lesson by writing this post. Even though I was being [an] extremely rude, clumsy bastard, the cab driver is still kind enough to give me an opportunity to get my phone back. All [he's] asking is the fare I owe him and an apologising note on my Facebook wall. And [I] want all my friends to like it so they can see my true face... Once he sees the apologising note, he'll send the address to pick the phone up." Does that qualify as restorative justice?

Facebook hijacks: Do's and don'ts

Don't want to be hacked? Then don't give them access

There's only one sure-fire way to guarantee your waggish "friend" doesn't start sending text messages under your name: keep your phone on you. Likewise for Facebook and Twitter accounts that have automatic log-ins, where the password is saved by your web browser, allowing other people to log on as you.

Protect your password

Even if you leave your account locked, there are ways for the persistent hacker to access it. Most people use similar passwords across a range of accounts. Try to introduce some variety. And ideally, passwords should combine letters with numbers and, where possible, symbols.

If you really must...

...then at least be funny. There are dozens of sites devoted to some of the best attacks on friends' social-media pages – but most involve poor "gags" based on the recipient's sexuality, sexual preferences or sexual health. Take a tip from Clive's book and try something esoteric, such as "liking" out-of-character things.

Finally...

You're the hacker, not the hacked? If you're hell-bent on carrying out your prank, at least spare a thought for your victim and the repercussions he or she will face. There is light-hearted ridiculing and then there are the hacks that could cost them more: a relationship or a job. Be prepared to confess and, if necessary, apologise – publicly.