@Jeruba Facebook profiles have at least one email address attached to them. There is an old proverb, “A journey of a thousand miles begins with but a single step”, only the journey in this case (from hacking a Facebook to nefarious things like clearing out a checking account) is about a city block or two.
As for targeted attacks versus spam, it depends. Many are just spammers picking the low-lying fruit, but not all. It’s a mix.
For example, the “real name only” policy caused outcry as there are people like battered woman who are hiding from their abuser who use Facebook but need a layer of anonymity to hide their location. (Before anyone says “Just don’t use Facebook!”, ask yourself if you’d be willing to ditch your phone service, forgo ever using the postal system and generally cut yourself off from society. If not then you know why that isn’t an option, especially for those who need help. This is 2016, not 1976!) Now, that would be a targeted attack, and one with potentially deadly consequences. There are other cases where an attack may be targeted as well. Anonymous rarely spams.
The thing is, technology has outpaced society’s knowledge of information theory. You know how some people worry about letting their kids use the internet without parental supervision? If the parent doesn’t know any better than the kid then it’s just ignorant fear-mongering, yet many adults who are otherwise intelligent really don’t know much more than my cat about that sort of thing. Look at how many people lost their jobs from posting a pic of them at a ball game on a day they called in sick and you’ll realize that just being over-18 doesn’t mean that you know how to control what secrets you reveal.
Even worse, most people think directly and rarely more than one step ahead, if that. I think you’ve seen me around enough to know I tend to think a bit more laterally and make connections other people can’t see even when pointed out to them. That’s a pretty common trait among those with strong computer skills; you need that sort of non-standard thinking to communicate with the inhuman mind of a computer well enough to bend it to your will. Who else has strong computer skills and bends machines to their will? Hackers. Fortunately, most hackers are “white hats”, but there are enough black hats out there that it’s best to play it safe.
As for the spammers, they are usually “script kiddies” with little/no real computer skills. Just as it’s possible to drive a car without knowing the difference between a crankshaft and a camshaft, you can find a spambot and send it on it’s way without any real computer skill. Wardialing is still a thing too, as is it’s wifi counterpart war driving. The latter is a reason why I configured my router to only accept connections from certain MAC addresses, but even that little safety measure is beyond the skillset of most people.
At the end of the day, the real danger is from people who have creative minds and the skills to make their ideas work. But the danger is not a new one, merely one that has added a new dimension since the internet went mainstream enough to make for a target-rich environment. That latter point is where a lot of technophobes go wrong; they think they are safe if they only deal with people face-to-face and pay cash for everything when the truth is that they leave a paper trail that can be followed and exploited just as easily as a data-trail. The only difference is that computers make it a bit faster and easier than old-school dumpster-diving or searching through paper records or just plain social engineering.