become incredibly sophisticated but most of their tricks depend on hidden triggered operations. Facebook and other social sites depend on the users being faked into allowing or doing something that appears to be perfectly normal, but is not. It can include malware, too, but some of that is caught by good security software services . If you do not have software for it on your computer and keep it updated or use an automatically updated online service you absolutely need to do so.
But be aware that trolling sites or using trickery on social sites, etc. can be ways to first find addresses for malware to be targeted. The fact that you received an email from someone you know probably means he was somehow targeted first for you to get that email from "him".