Page 22 - ASCCS V8.1 3v02a_delegate version_Neat
Spear (Targeted) Phishing Example:
Associated Press Twitter Account Attack
1. Hackers send a targeted phishing email to an employee.
2. The employee clicks on a link and is redirected to a fake Google Mail website.
3. Hackers get the credentials for that mailbox.
4. Hackers send an email from that mailbox to other AP employees. Other employees click on the embedded fake news article link and are asked for credentials.
5. Hackers get more credentials, one with access to the Twitter account, and reset the Twitter passwords.
6. SEA has full control of the Twitter account. SEA can post a fake Tweet!