I witnessed an interesting attack today. Someone was able to register a new Facebook account with the email address of a friend of mine. We don't know how it happened, because Facebook requires you to click on a confirmation link to use an email address. Maybe the attacker got access to the mailbox somehow.
The interesting question for me is: why would someone do this? It is easy to create a free email address within minutes. Why does the attacker use the email address of someone else? It is not an impersonation scenario, because the Facebook account has a totally different name than my friend. I cannot think of a reasonable scenario that makes stealing an email address for creating a Facebook account worth the effort. Am I missing something?
Update: First of all, no one from Facebook responded to our abuse message. Nevertheless, the fake account was gone after several days - we have no idea if Facebook took active measures against this account or not.
I didn't think about the obvious countermeasure against this fake account when the incident happened, but this idea might be interesting to others facing a similar problem. If someone registers an account with your email address, there's nothing easier than resetting the password of this account and accessing/deleting it - you are the owner of the email address bound to the account, and the "lost password" function plays into your hands. I am not sure if this would be 100% legal though - it depends on whether the account is actually yours if your email address is bound to it.