What’s the difference between a targeted and untargeted attack?
When discussing cyber-attacks, you may hear us and others describe an attack as targeted or untargeted. But what do the two terms actually mean?
We describe how each attack can work.
What is an untargeted attack?
As the name suggests, an untargeted attack is a cyber-attack which has not been tailored to its victim. Often this can mean the same scam is sent through email to thousands, even millions, of different addresses. Even though the scam is sent to many different email addresses, the scam itself is essentially the same, with little or no difference from one recipient to the next.
In the case of email, the scammer may have obtained your email address (most likely along with thousands of other email addresses) but they know little or nothing else about you. As such, they push their scam on to everyone they can in the hope that at least a small number of people fall for it.
With untargeted scams, the disadvantage to the crook is that only a small percentage of would-be victims will actually fall for the scam, since the attack hasn’t been specifically tailored to them. The advantage, however, is that they can send their scam to masses of people with little effort, meaning the success rate doesn’t have to be that high to make the scam viable.
An example of an untargeted attack could be a phishing email pretending to be from a particular bank that attempts to lure recipients into clicking a link leading to a spoof webpage. Since it is untargeted, there is no personal information on the email itself, other than perhaps the email address, and the crook has to hope that a substantial portion of the recipients are actually customers of that particular bank.
What is a targeted attack?
While you are far less likely to be the target of a targeted scam, such scams are often much more convincing than their untargeted counterparts, because they have been tailored specifically to try and trick their victim, either as an individual or as the business that they represent.
With a targeted scam, the crook will have done some sort of research to find out information about the victim or the company they work for, and they will use the information they find to make their scam more convincing or more effective.
For example, using the untargeted example we mentioned above, this could mean including a victim’s name, address and phone number in an email phishing scam, as well as pretending to be from a bank the crook knows they are a customer of, turning an untargeted scam into a targeted one.
Alternatively, a targeted scam could mean the crook probes a business’s network security defenses and finds out where on the network the business stores important files, in order to launch an effective and crippling ransomware attack at a later date.
Targeted scams are less common, since the crook needs to take the time to research their potential victim. However, the advantage is that they are far more likely to trick their victims because of that extra effort.