The term that is used for specific targets of phishing attacks is “spear phishing“. It targets specific individuals with the hope of compromising that key person’s security. That seems to be the paradigm that hackers are using to focus on friends of employees of large technical firms:
“Personal friends of employees at Google, Adobe and other companies were targeted by hackers in a string of recently disclosed cyberattacks, raising privacy concerns and pointing to a highly sophisticated operation, security experts said.
Cybersecurity experts analysing the attacks said the hackers spied on individuals and used other sophisticated techniques, making them extremely difficult to stop. The disclosures come amid renewed alarm over cybersecurity after Google said it had been the target of a series of cyberattacks from China.”
Some of today’s hackers are very sophisticated and masters of human engineering. They know that people have a tendency to trust their friends online. There is a relaxing of the security protocols and an increased likelihood that a link from a friend may be clicked. And all that is needed for the hackers to gain access is that single click on a malicious link.