Granular user/domain targeting
Summary
Attackers are known to narrow the scope of their phishing campaigns to focus on specific organizations by targeting only specific domains, and even specific users within the organization. While this was once as simple as adjusting the email delivery list for your phishing campaign, this is a little more complex when you are distributing links over various channels and mediums with less control.
Less specific forms of targeting include adjusting the scope to only target individuals or companies operating in specific geolocations (or excluding specific ones you don’t want to target — most commonly seen with Russia-affiliated campaigns).