Last week one of my friends' Orkut account has been hacked. we tried to recover the account but the hacker changes the password immediately and we could not get it back. I could see the preciousness of an account on that day on my friend's eyes.
Normally All type of attacks are following the same scenario, The origin is clicking the unwanted links from other's profiles. An example snap is shown in the image below.
After you clicking the link, it goes to an page asking Username and password.. If you enter, Game is over.. So At this stage you must not give your username and password..
Warning: Please Don't type your Gmail | Orkut passwords at sites which are not from google.