Targeted or not targeted?
many of us have been having discussions and arguments over if the recent bbb phishing attacks are targeted or not.
thinking on this, i believe the better equivalent which may solve our terminology disagreements on if these bbb phishing emails were targeted or not would be “targeted spam” as a tried concept. we can assume, although in some cases incorrectly, that spam is bulk.
usually, spam goes to “lists” of addresses, harvested. sometimes it is targeted to a certain audience. but there are other types of lists, not just of addresses and interests.
it is possible to buy lists of addresses of people who attended rsa and visited booths, for example. or any other number of trade-shows. it is possible to harvest linkedin, etc.
my take is that this attack is targeted in the sense that it goes to certain individual types only, but is quite mundane and bulk in the type.
we need terms for individual/close-to attacks and attacks by targeting an audience, still in bulk.