In today's digital world, cybercrime is responsible for significant damage to
organizations, including financial losses, operational disruptions, or
intellectual property theft. Cyberattacks often start with an email, the major
means of corporate communication. Some rare, severely damaging email threats -
known as spear phishing or Business Email Compromise - have emerged. However,
the literature disagrees on their definition, impeding security vendors and
researchers from mitigating targeted attacks. Therefore, we introduce targeted
attacks. We describe targeted-attack-detection techniques as well as
social-engineering methods used by fraudsters. Additionally, we present
text-based attacks - with textual content as malicious payload - and compare
non-targeted and targeted variants