The disclosed computer-implemented method for classifying security events as targeted attacks may include (1) detecting a security event in connection with at least one organization, (2) comparing the security event against a targeted-attack taxonomy that identifies a plurality of characteristics of targeted attacks, (3) determining that the security event is likely targeting the organization based at least in part on comparing the security event against the targeted-attack taxonomy, and then in response to determining that the security event is likely targeting the organization, (4) classifying the security event as a targeted attack. Various other methods, systems, and computer-readable media are also disclosed.