Chapter 3: Phishing Attacks

How Did It Occur?

So did the perpetrator know specifically that Milton had a Facebook account and that he was a techno junkie? No, in fact, we would dare say that the perpetrator could have cared less about Milton in particular. The person or persons behind this scam had obtained, most likely, a mailing distribution list that consisted of millions of e-mail addresses and that just happened to contain his friend Gary's e-mail address.

How did it wind up there? The perpetrator probably got Gary's e-mail address when he responded to one of those lovely chain e-mails asking him to forward it to 10 other people. You know what I'm talking about: we're all guilty of doing that chain letter gimmick at one point or another in our lives. So essentially the perpetrator threw bait into the water, and unfortunately, Milton's friend Gary latched onto the hook.

But how did it get onto Facebook? This particular exploit targeted Facebook subscribers and, within Facebook, modified the account so that it sent messages out to friends with curious statements meant to lure more people in. Remember, while it appears as though the exploit was on Facebook, in reality it was not. Facebook merely acted as a proxy that redirected victims to a site where a piece of malware could be installed on systems that have inadequate protection from this particular attack. So please don't interpret this attack as spawning from Facebook; this could happen on any social net-