The phishers are getting more sophishticated (sic) and I've seen some good ones come through. They are targeting big and small services in the hope that they discover usernames and passwords, allowing them to log in elsewhere.
On Monday, Twitter sent a memo to major media and news outlets about the threat — if they hadn't known already or at least reported on some of them — and noted that it believed these "attacks will continue."
Twitter acknowledged that the "incidents" appear to be "spear phishing attacks that target your corporate email," that appear to be legitimate emails and are often sent directly to the account holder.
Twitter should do something about their security, it's ridiculous.
I once had a big customer that had their CCs stolen off their site, several times, and that server was hardened to the max. We even got the FBI involved, if I remember correctly, and nobody could ever figure it out as it was NOT coming from any unknown source; only the client IPs ever accessed the CCs. A couple of years later some hacker in Canada got busted, and I later learned that he had a trojan on a machine inside their office and was tunneling in via their IP address, which is why we couldn't catch anyone doing anything unusual.
They thought they had a hardened corporate firewall too, guess not!
I knew it wasn't our server at fau
So the idea of a single clean machine that is only used to access critical data, or a Twitter account, is not a bad idea if you're a big company like AP.
Don't click stuff even if you know the sender. Thanks to Facebook breaches, I get phishing attempts from my daughter, and her machine is clean; it's just her name on some other email address. You must check everything before trusting it, and even then it's not safe.
Check the link before you click it, make sure it's real.
When checking, it's still hard to always tell even then, as I've seen phishers add subdomains to sites, and you see things like "ebay.com.example.com/youreabouttobescrewed.html", which would easily confuse those that don't know what a subdomain is and CLICK!
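The subdomain trick described in the post above can be checked mechanically. This is an added example, not part of the original posts: it compares the registrable domain of a link against an allow-list and flags a trusted name that only appears as leading subdomain labels. The `TRUSTED_DOMAINS` and `MULTI_LABEL_SUFFIXES` sets and both function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a tiny sample of multi-label public suffixes. Real tooling
# should load the full Public Suffix List instead of this constructed set.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# Assumption: the domains this organisation actually trusts.
TRUSTED_DOMAINS = {"ebay.com", "twitter.com"}


def registrable_domain(host):
    """Return the part of the hostname that was actually registered."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_link(url):
    """Classify a link as (verdict, registrable_domain, impersonated_brand)."""
    # Links pasted into mail often lack a scheme; urlsplit needs "//" to
    # recognise the host part in that case.
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    reg = registrable_domain(host)

    if reg in TRUSTED_DOMAINS:
        return ("trusted", reg, None)

    # The host is owned by someone else. Look for a trusted name used as
    # whole leading labels, e.g. "ebay.com." in "ebay.com.example.com".
    padded = "." + host + "."
    for brand in sorted(TRUSTED_DOMAINS):
        if "." + brand + "." in padded:
            return ("lookalike", reg, brand)
    return ("unknown", reg, None)


if __name__ == "__main__":
    for link in ("ebay.com.example.com/youreabouttobescrewed.html",
                 "https://signin.ebay.com/ws"):
        print(link, "->", check_link(link))
```

Reading a hostname right to left is the same check done by eye: whatever sits immediately before the public suffix is the owner, and everything further left is chosen freely by that owner.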