The disclosed computer-implemented method for determining whether malicious files are targeted may include (i) applying, to a malware detection structure, a plurality of sample data points, each sample data point corresponding to at least one of a malicious file known to be targeted and a malicious file known to be non-targeted, (ii) identifying one or more boundaries of the sample data points within the malware detection structure, (iii) determining, after identifying the sample boundaries, that a new data point falls outside of the boundaries, and (iv) classifying a malicious file associated with the new data point as non-targeted in response to determining that the new data point falls outside of the sample boundaries. Various other methods, systems, and computer-readable media are also disclosed.