Not surprisingly, one organization that gets impersonated a lot in phishing emails is the IRS itself, which last week warned taxpayers to watch out for fake emails.
FORBES: FTC: Explosion Of Tax Identity Theft Swamps Growth In Other Consumer Complaints
Tumblr told its customers to review any e-mail conversations they had with Zendesk to make sure there was no account information that could be used in phishing attacks.
Associated Press said that at least 18 pupils were involved in the phishing, which gave them control over 300 computers allocated for student use at the school in the Alaskan town of Ketchikan.
The link provided in a phishing e-mail would appear to be legitimate, as it is for the PayPal site.
The hackers then used those login details to forward all mail coming into the account to a third party, or in some cases gathered information about contacts to use in other phishing scams.
FORBES: Here's The Fake Gmail Site Chinese Hackers Used To Steal U.S., Activist Data
Awareness education is key to teaching how to identify the emotional triggers in a spear phishing email.
FORBES: As Neighborhood Watch For The Web, Google Now Flags Nearly 10,000 Dangerous Sites Daily
"Phishing in a more general sense is about social manipulation, " Ramzan says.
For example, in a standard phishing operation, an organized crime group might commission the creation of a scam web page and contact a secondary broker to get a list of thousands of email addresses.
It also said several employees had been sent phishing emails in the days leading up to the attack.
Early this year, Twitter experienced several phishing attacks in which a Web page that looked identical to the widely recognized light blue Twitter page was a hoax.
The phishing email in question appeared to come from the email account of another AP staffer, with a request to click a link to a "very important" article on the Washington Post website.
BBC: AP Twitter account hacked in fake 'White House blasts' post
Warnings have been repeated about an e-mail phishing scam in which recipients are told they are due a tax refund and asked to fill in an online form with bank or credit card details.
Web sites are layering on more security to fight the common Web scam known as phishing, in which spammers lure people into logging on to a bogus site and steal their user names and passwords.
In its blog post about the compromise last week, Twitter asked users to be wary of phishing websites and disable Java in their browsers.
FORBES: Twitter Hack Mostly Hit Early-Adopter, Well-Connected Users (And Probably President Obama)
Having trained more than 3.1 million employees (using PhishMe.com) at universities, government agencies, and large enterprises, we have found that immersing people in the experience through mock phishing exercises, and presenting immediate, bite-sized educational to those who are susceptible has had the desired effect of reducing human vulnerability to these attacks.
FORBES: As Neighborhood Watch For The Web, Google Now Flags Nearly 10,000 Dangerous Sites Daily
That loophole lets cybercriminals host "phishing" sites, in which they impersonate legitimate pages and ask for users' bank codes or other sensitive information.
This theoretical threat presupposes a compromised Google account, and Google had worked hard to reduce the possibility of hijacking accounts through tools like phishing and malware detection in Chrome and Gmail, default HTTPS in Gmail, 2-step verification, and others.
FORBES: Android Bug Would Have Allowed Phone Infections From A Computer Click
The compromised data in these forums tends to come from phishing attacks--those spammy e-mails asking you to send along your financial data--and from malware.
This week, reports surfaced online about a phishing scheme by hackers that resulted in the posting of thousands of user names and passwords for Web-based e-mail accounts, including Windows Live Hotmail, Gmail and Yahoo Mail accounts.
The Syrian Electronic Army's typical tactics to date have included sending "phishing" emails to glean log-in information from unsuspecting victims.
The 10 biggest search engines in China have signed up to the anti-phishing scheme to ensure that users looking for bank websites go to the right place.
But in response to what is believed to be a phishing-style attack - where fraudsters attempt to obtain information such as by email - the company has been directly calling some of its customers.
Many of the state-backed attacks used phishing campaigns to try to get a foothold in a target company.
In tests, 70% of users could spot a phishing site because it lacked the green marker, says Callan.
The anti-phishing initiative comes at the end of a week in which the personal details of almost 10% of China's 485 million web users were stolen.
For example, the Bouncer Phishing Kit could be used to gather personal details on people in one particular country.
But phishing is more akin to spotting a likely mark as Joe did in his grungier mugging days.
Some users criticised Twitter's email, suggesting it looked like a "phishing scam" - a message that impersonates an official email in an attempt to trick users into giving up personal details.
Moreover, the largest number of email antivirus detections in 2012 was recorded in the U.S. (12.5 percent), and the U.S. was the top target for phishing attacks (32 percent), Kaspersky Lab reported on Monday in Moscow.
Bredolab began operating in 2009 and Mr Avanesov used a variety of techniques, including automated attacks and phishing messages, to expand it.
应用推荐