In those cases the fraudsters have stolen the account completely and locked the original user out, but I guess it's that kind of attack + the information leakage aspect that could be a concern..
Yes, true. Something similar happened to me when a I have received an email (gmail) from a friend asking for money because she was stuck somewhere. Similar pattern.
It's interesting to notice that this social engineering attacks are easy to carry in a place like US, where there is one common language.
I immediately detected that the mail was a fraud, because this person would have never write to me in English.
One example of the attack http://techcrunch.com/2009/01/20/latest-facebook-scam-phishe...
In those cases the fraudsters have stolen the account completely and locked the original user out, but I guess it's that kind of attack + the information leakage aspect that could be a concern..