A New York hacker pleaded guilty this week to running a massive spam bot program that infected Facebook-connected PCs.

The man, Eric Crocker, was charged along with nearly a dozen others for participating in a hacking forum called Darkode. Together, Crocker and others used a spam program called Facebook Spreader to infect PCs that were connected to Facebook. From there, the program seized control of the victim’s infected machine and turned it into a bot. The virus would spam messages to an infected user’s friends, and once the link was clicked, it would then infect the message recipient.

According to Reuters, Crocker and the other hackers on the Darkode forum were paid between $200 and $300 for every 10,000 infected computers. That means the group of hackers likely earned over $21 million. Now Crocker faces three years in prison, a $250,000 fine, or both.

“This operation is a great example of what international law enforcement can accomplish when we work closely together to neutralize a global cybercrime marketplace,” Assistant Attorney General Leslie Caldwell said.

Though it’s a good thing this particular hacker ring was caught, there are many more just like it operating all over social media. To make matters worse, they are often based overseas and not so easy for U.S. law enforcement officials to catch. But there’s really only one surefire way to avoid falling prey to scams like this: don’t click on suspicious links in the first place.