A researcher from Microsoft Research posited at the WEIS 2010 workshop Tuesday that the answer is simple economics. Mass attacks such as phishing, spam, email viruses and others have been around for nearly 20 years. The amount of time and money it takes to send out 10 million phishing emails versus five million emails is negligible once the attacker has his infrastructure in place. Even with relatively low returns per attack, these kinds of scalable attacks yield a high profit for professionals, said Cormac Herley of Microsoft Research.
Source: https://threatpost.com/economics-targeted-attacks-060810/74079/

