Not necessarily. We have employees sent the usual phishing emails claiming to be from the CEO - but sent to their personal email addresses, since the attackers know targeting a corporate domain won't work because of the "similar-name-but-external-domain" warnings.
I figure these kinds of relationships are determinable from linkedin etc., but they're still automated. Using family members seems like an extension of this technique, sending phishing from someone you probably know.
I figure these kinds of relationships are determinable from linkedin etc., but they're still automated. Using family members seems like an extension of this technique, sending phishing from someone you probably know.