I've gotten emails with links "From" my parents names, but checking the addresses it was accounts on random .edu domains. The fact that separate emails came from two different names I knew really made me feel targeted.
Not necessarily. We have employees sent the usual phishing emails claiming to be from the CEO - but sent to their personal email addresses, since the attackers know targeting a corporate domain won't work because of the "similar-name-but-external-domain" warnings.
I figure these kinds of relationships are determinable from linkedin etc., but they're still automated. Using family members seems like an extension of this technique, sending phishing from someone you probably know.
