It is a pure and simple matter of statistics. The phishing attempts that most people have become accustomed to are those that are sent to the widest range of addresses – you know, the Paypal, Washington Mutual, and Smith Barney emails you get with the embedded jpeg asking for your account information. The only problem is, you don’t have an account at any of those places. So, the phishers blanket inboxes hoping to catch just a few suckers that do. The low cost of implementation doesn’t help – sending email is cheap, cheap, cheap.
Huge distribution X low rate of success = some big dollars.
However, the opposite methodology could be applied as well, and it is.
IBM recently reported that the number of targeted phishing attempts (with the cute little name of “spear phishing” is rising dramatically. Carefully sculpt an email, send it to someone who you know is an existing customer, employee or otherwise, and the chances of nabbing a victim increases.
Targeted distribution X high rate of success = some big dollars.
Yes, the phishers have to be a bit smarter, a bit more ingenuitive, and willing to invest more time. But it is a natural progression.